US11062299B2 - System and method for indicating entry of personal identification number - Google Patents

System and method for indicating entry of personal identification number Download PDF

Info

Publication number
US11062299B2
US11062299B2 US16/540,666 US201916540666A US11062299B2 US 11062299 B2 US11062299 B2 US 11062299B2 US 201916540666 A US201916540666 A US 201916540666A US 11062299 B2 US11062299 B2 US 11062299B2
Authority
US
United States
Prior art keywords
cots device
cots
application
payment application
payment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US16/540,666
Other versions
US20190370785A1 (en
Inventor
Hwai Sian Tsai
Chi Wah Lo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Stripe Inc
Original Assignee
BBPOS Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US16/166,353 external-priority patent/US10936189B2/en
Priority claimed from PCT/CN2019/086235 external-priority patent/WO2019214687A1/en
Application filed by BBPOS Ltd filed Critical BBPOS Ltd
Priority to US16/540,666 priority Critical patent/US11062299B2/en
Priority to PCT/CN2019/102299 priority patent/WO2020038467A1/en
Priority to CN201980069631.XA priority patent/CN112889262A/en
Publication of US20190370785A1 publication Critical patent/US20190370785A1/en
Assigned to BBPOS Limited reassignment BBPOS Limited ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LO, CHI WAH, TSAI, HWAI SIAN
Priority to US17/368,934 priority patent/US11663584B2/en
Publication of US11062299B2 publication Critical patent/US11062299B2/en
Application granted granted Critical
Assigned to Stripe, Inc. reassignment Stripe, Inc. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BBPOS Limited
Priority to US18/197,620 priority patent/US12039519B2/en
Priority to US18/735,539 priority patent/US20240330897A1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/353Payments by cards read by M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code

Definitions

  • the present disclosure relates to software-based personal identification number (PIN) entry on commercial off-the-shelf (COTS) devices.
  • PIN personal identification number
  • COTS commercial off-the-shelf
  • CV Cardholder Verification
  • the pad used to enter PINs is a specialized hardware device which is highly secured against tampering or attempts to steal the PIN from its legitimate owner.
  • EMV Europay Mastercard Visa
  • PCI SSC Payment Card Industries Security Standards Council
  • COTS Commercial off-the-shelf
  • SPoC Software-based PIN entry on Commercial Off The Shelf
  • the SPoC standard provides guidelines for PIN entry on a touch screen of a mobile phone or tablet without needing a physical secure PIN pad. It is also loosely referred to as PIN on Mobile (PoM) or PIN on Glass (PoG).
  • a system to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device comprising: a secure card reader coupled to the COTS device via a connection, and wherein the secure card reader receives a payment card; a payment application installed on the COTS device; and one or more devices other than the COTS device, wherein the payment application installed on the COTS device transmits one or more prompts to the one or more devices other than the COTS device based on a set of signals received from the secure card reader, further wherein the secure card reader transmits the set of signals after the payment card is received at the secure card reader, and wherein said one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.
  • PIN personal identification number
  • COTS commercial off the shelf
  • a method to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device comprising: receiving a payment card on a secure card reader coupled to the COTS device; and transmitting, by a payment application running on the COTS device, one or more prompts to one or more devices other than the COTS device after said receiving, wherein said one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.
  • PIN personal identification number
  • COTS commercial off the shelf
  • FIG. 1 illustrates an example of a system to enable seamless transition for PIN entry in accordance with various embodiments of this disclosure
  • FIG. 2A illustrates an example of a COTS device in accordance with various embodiments of this disclosure
  • FIG. 2B illustrates an example of downloading and installing a payment application on a COTS device using a secure process for application installation and updating in accordance with various embodiments of this disclosure
  • FIG. 2C illustrates an example of a COTS device incorporating an application installation controller in accordance with various embodiments of this disclosure
  • FIG. 2D illustrates an example of a process for vendor distribution of applications in accordance with various embodiments of this disclosure
  • FIG. 2E illustrates an example of a security measure to prevent a sensitive portion of an application from running on one or more unauthorized devices in accordance with various embodiments of this disclosure
  • FIG. 2F illustrates an example of segregation of an application into different classes and utilization of application level sandboxes in accordance with various embodiments of this disclosure
  • FIG. 2G illustrates an example of a method for vendor upload of applications incorporating classification of applications for different sandboxes in accordance with various embodiments of this disclosure
  • FIG. 3 illustrates an example of a process for prompt transmission by a payment application in accordance with various embodiments of this disclosure
  • FIG. 4 illustrates an example of a payment screen in accordance with various embodiments of this disclosure
  • FIG. 5 illustrates an example of a display of an alert in accordance with various embodiments of this disclosure
  • FIG. 6 illustrates an example of a verification screen in accordance with various embodiments of this disclosure
  • FIG. 7A illustrates an example of a COTS device which incorporates a randomization subsystem in accordance with various embodiments of this disclosure
  • FIG. 7B illustrates an example of a keypad displayed on a touchscreen in accordance with various embodiments of this disclosure
  • FIG. 7C illustrates a detailed example of a keypad in accordance with various embodiments of this disclosure.
  • FIG. 7D illustrates an example of a process to randomly select the width of a button in accordance with various embodiments of this disclosure
  • FIG. 7E illustrates an example of a process to randomly select the height of a button in accordance with various embodiments of this disclosure
  • FIG. 7F illustrates an example of a process to select row heights and column widths in series in accordance with various embodiments of this disclosure
  • FIG. 7G illustrates an example of a process to select row heights and column widths in parallel in accordance with various embodiments of this disclosure
  • FIG. 7H illustrates a starting position for a keypad in accordance with various embodiments of this disclosure
  • FIG. 7I illustrates an example of rolling up rows on a keypad in accordance with various embodiments of this disclosure
  • FIG. 7J illustrates an example of flipping columns on a keypad in accordance with various embodiments of this disclosure
  • FIG. 7K illustrates an example of a left to right mirrored keypad in accordance with various embodiments of this disclosure
  • FIG. 7L illustrates an example of a vertically mirrored keypad in accordance with various embodiments of this disclosure
  • FIG. 7M illustrates an example of random selection of two or more display parameters in combination in accordance with various embodiments of this disclosure.
  • FIG. 7N illustrates an example of a sequence for a random selection of combinations of display parameters in accordance with various embodiments of this disclosure.
  • a system and method to reduce discontinuities and present a seamless transition from a payment application or “app” to the CV application is detailed below.
  • FIG. 1 illustrates an example of a system to enable seamless transition for PIN entry in accordance with various embodiments of this disclosure.
  • User 101 interfaces with commercial off the shelf (COTS) device 102 to, for example, make payments.
  • COTS device 102 is, for example, a smartwatch, smartphone, tablet, laptop, or any appropriate computing and network-enabled device.
  • COTS device 102 An example of COTS device 102 is shown in FIG. 2A .
  • Processor 102 - 1 performs processing functions and operations necessary for the operation of COTS device 102 , using data and programs stored in storage 102 - 2 .
  • An example of such a program is payment application 102 - 4 .
  • Display 102 - 3 performs the function of displaying data and information for user 101 .
  • Input devices 102 - 5 allow user 101 to enter information. This includes, for example, devices such as a touch screen, mouse, keypad, keyboard, microphone, camera, video camera and so on.
  • display 102 - 3 is a touchscreen which means it is also part of input devices 102 - 5 .
  • Communications module 102 - 6 allows COTS device 102 to communicate with devices and networks external to COTS device 102 . This includes, for example, communications via BLUETOOTH®, Wi-Fi, Near Field Communications (NFC), Radio Frequency Identification (RFID), 3G, Long Term Evolution (LTE), Universal Serial Bus (USB) and other protocols known to those of skill in the art.
  • Sensors 102 - 7 perform functions to sense or detect environmental or locational parameters. Sensors 102 - 7 include, for example, accelerometers, gyroscopes, magnetometers, barometers, Global Positioning System (GPS), proximity sensors and ambient light sensors.
  • the components of COTS device 102 are coupled to each other as shown in FIG. 2A .
  • secure card reader 103 is communicatively coupled to COTS device 102 via either connection 107 or networks 105 .
  • secure card reader 103 is coupled to server 106 via networks 105 .
  • Secure card reader 103 is functional to read payment cards such as payment card 104 .
  • Payment card 104 is, for example, a credit card or a debit card.
  • payment card 104 has a chip, such as an EMV chip.
  • payment card 104 has a magnetic stripe.
  • payment card 104 is enabled for near field communications (NFC).
  • secure card reader 103 is able to read payment cards having magnetic stripes, chips, and NFC capabilities.
  • Networks 105 can be implemented using a variety of networking and communications technologies.
  • networks 105 are implemented using wired technologies such as Firewire, Universal Serial Bus (USB), Ethernet and optical networks.
  • networks 105 are implemented using wireless technologies such as WiFi, BLUETOOTH®, NFC, 3G and LTE.
  • networks 105 are implemented using satellite communications links.
  • the communication technologies stated above include, for example, technologies related to a local area network (LAN), a campus area network (CAN) or a metropolitan area network (MAN).
  • networks 105 are implemented using terrestrial communications links.
  • networks 105 comprise at least one public network.
  • networks 105 comprise at least one private network.
  • networks 105 comprise one or more subnetworks. In some of these embodiments, some of the subnetworks are private. In some of these embodiments, some of the subnetworks are public.
  • communications within networks 105 are encrypted.
  • COTS device 102 is coupled to secure card reader 103 via, for example, connection 107 or networks 105 .
  • Connection 107 is implemented using technologies which enable communicative coupling between COTS device 102 and secure card reader 103 . Examples of connection 107 include:
  • Server 106 performs back-end processing as necessary. This back-end processing is performed to facilitate, for example, payment flows and cardholder verification.
  • server 106 is coupled to secure card reader 103 via networks 105 .
  • server 106 is coupled to COTS device 102 via networks 105 .
  • Server 106 can be implemented in a variety of ways. In some embodiments, server 106 is implemented using a single server. In other embodiments, server 106 is implemented using a plurality of devices. In some embodiments, server 106 is implemented using some combination of hardware and software. In yet other embodiments, server 106 is implemented in a distributed fashion, whereby the components of server 106 are situated at one or more locations.
  • the user has one or more user devices 110 associated with the user. These include, for example, smartwatches, smartphones, tablets, laptops, desktops or any appropriate computing and network-enabled device. In some embodiments, these one or more user devices 110 are communicatively coupled to networks 105 so as to transmit communications to, and receive communications from networks 105 .
  • Payment application 102 - 4 of FIG. 2A will now be discussed in more detail.
  • Payment application 102 - 4 is functional to implement a payment process for a vendor. It serves to accept price inputs, calculate price totals and so on. In some embodiments, it also performs functions such as displaying a PIN pad for the user to enter a PIN. It also interacts with secure card reader 103 as necessary and transmits prompts to other devices and to other components of FIG. 1 such as server 106 as necessary.
  • the payment application 102 - 4 is downloaded and installed on COTS device 102 using a secure process for application installation and updating as described in Patent Cooperation Treaty Application No. PCT/CN2019/086235 to Tsai et al, filed May 9, 2019.
  • COTS device 2 B- 01 is similar to COTS device 102 and includes an additional application installation controller.
  • a detailed example of COTS device 2 B- 01 is shown in FIG. 2C .
  • Components 2 C- 01 to 2 C- 07 are similar to components 102 - 1 to 102 - 7 of COTS device 102 respectively.
  • COTS device 2 B- 01 comprises application or “app” installation controller 2 C- 08 for installation of payment application 2 C- 04 which is similar to payment application 102 - 4 . This will be described in further detail below.
  • COTS device 2 B- 01 is also coupled to terminal management server (TMS) 2 B- 02 via network 2 B- 05 , which is similar to networks 105 .
  • TMS 2 B- 02 performs the functions of acquiring and processing payment transactions from COTS device 2 B- 01 , and communicating with COTS device 2 B- 01 to perform identification, verification, authorization and authentication functions.
  • TMS 2 B- 02 receives and transmits information and also performs encryption and decryption as necessary. In some embodiments, communications between TMS 2 B- 02 and COTS device 2 B- 01 are performed using encrypted channels.
  • Application or “app” store 2 B- 03 stores one or more apps and allows apps to be uploaded from vendors 2 B- 04 . Apps are distributed from app store 2 B- 03 to COTS device 2 B- 01 .
  • networks 2 B- 05 which as explained previously is similar to networks 105 .
  • TMS 2 B- 02 and COTS device 2 B- 01 communicate with each other over networks 2 B- 05 using encrypted channels.
  • encryption techniques used include:
  • COTS device 2 B- 01 communicates with TMS 2 B- 02 to indicate to TMS 2 B- 02 that it wants to install and run an app.
  • the TMS 2 B- 02 then performs the following functions:
  • FIG. 2D An example of a process for vendor distribution of apps including the TMS 2 B- 02 providing authentication for COTS device 2 B- 01 before installation and running of the app is illustrated in FIG. 2D .
  • step 2 D- 01 the payment app 2 C- 04 is uploaded into the app store 2 B- 03 .
  • step 2 D- 02 the user requests download of the app via COTS device 2 B- 01 from the app store 2 B- 03 .
  • step 2 D- 03 the app image is hashed using a hash function on the app store 2 B- 03 to create a hash value. The resulting hash value is then signed with the app store private key.
  • step 2 D- 04 the app image is bundled with the signed application hash and transmitted to the COTS device 2 B- 01 .
  • step 2 D- 05 the COTS device 2 B- 01 authenticates the downloaded app 2 C- 04 , to determine whether it is from the app store 2 B- 03 .
  • the encrypted application hash is decrypted using the app store public key, and the downloaded app image is hashed on the COTS device 2 B- 01 using the same hash function which is on the app store 2 B- 03 .
  • the decrypted hash and the hash corresponding to the downloaded app image are compared to verify that the app image has
  • step 2 D- 06 the authentication process is carried out. If the downloaded app does not pass the authentication process in step 2 D- 06 , then in step 2 D- 08 , the app 2 C- 04 is deleted from COTS device 2 B- 01 .
  • step 2 D- 11 of FIG. 2D the app installation controller 2 C- 08 on COTS device 2 B- 01 calculates the hash value of the app image. This is performed using, for example, a hash function stored in storage 2 C- 03 of COTS device 2 B- 01 .
  • step 2 D- 12 the COTS device 2 B- 01 then signs the app image prior to transmission to the TMS 2 B- 02 .
  • This step comprises encrypting the resultant hash by a unique-per-device key and submitting the signature together with the app image to TMS 2 B- 02 .
  • a symmetric key arrangement is used, that is, where TMS 2 B- 02 uses the same key as COTS device 2 B- 01 for decryption.
  • the signing then utilizes a symmetric key or some means based on a shared secret for TMS 2 B- 02 to derive such a symmetric key.
  • TMS 2 B- 02 derives a symmetric key from a base-key and a unique number from COTS device 2 B- 01 .
  • an asymmetric key arrangement is used, that is, where TMS 2 B- 02 uses a different key to COTS device 2 B- 01 for decryption.
  • An example would be where COTS device 2 B- 01 has a private key and sends the signature with a certification of its public key, so the TMS 2 B- 02 can verify and extract the terminal public key and using it for verifying the signature.
  • Steps 2 D- 13 to 2 D- 17 concern the authorization and authentication steps performed by TMS 2 B- 02 .
  • TMS 2 B- 02 receives the signed app image, and decrypts the received encrypted hash.
  • TMS 2 B- 02 calculates a hash for the received app image using a stored hash function.
  • step 2 D- 15 TMS 2 B- 02 compares the two hash values. If the two hash values match each other, then in step 2 D- 16 TMS 2 B- 02 authenticates the app and authorizes the COTS device 2 B- 01 to install and run the app. If the two hash values do not match each other, then in step 2 D- 17 , TMS 2 B- 02 instructs COTS device 2 B- 01 that the app is not valid.
  • the keys can be unique per account, unique per session or unique per download. This offers more security compared to the prior art where the keys are limited to being unique per app image.
  • the app Since the signature for vendor app authentication no longer needs to be bundled with the app download package, the app is transparent to the standard app store. This is because the process of downloading the app is then similar to the process of downloading other non-payment apps. This makes it easier to use an app store for the purposes of distribution and managing of payment apps for terminals.
  • FIG. 2E shows an example of a further security measure to prevent the sensitive part of the app from running on unauthorized devices.
  • FIG. 2E shows an example of a further security measure to prevent the sensitive part of the app from running on unauthorized devices.
  • Steps 2 E- 01 and 2 E- 02 work to prevent the protected code segment from being exposed outside a trusted execution environment, and the protected code segment prevents the app from performing critical/sensitive operations in devices or platforms other than intended devices with intended Electronic Funds Transfer Point of Sale (EFTPOS) platforms.
  • EFTPOS Electronic Funds Transfer Point of Sale
  • app class sandboxes are employed to protect system resources and applications from being accessed by unauthorized apps.
  • the apps are divided into 3 classes, each having a corresponding app class sandbox, so as to achieve segregation of applications based on level of authorization and type of application.
  • these app class sandboxes are employed in addition to, for example, existing Linux/Android sandboxes.
  • FIG. 2F shows the properties of each class in table 2 F- 00 .
  • Row 2 F- 01 of FIG. 2F corresponds to class A
  • row 2 F- 02 of FIG. 2F corresponds to class B
  • row 2 F- 03 corresponds to class C.
  • Column 2 F- 04 describes the types of app covered in each class
  • column 2 F- 05 describes the security objective of each class
  • column 2 F- 06 describes the control means.
  • each cell of the table 2 F- 00 is denoted by (row, column).
  • the cell which indicates the type of app covered in class A is in the cell within row 2 F- 01 and column 2 F- 04 , and will be denoted as ( 2 F- 01 , 2 F- 04 ).
  • Class A covers authorized payment apps, as shown in cell ( 2 F- 01 , 2 F- 04 ).
  • Class B covers authorized non-payment apps as shown in cell ( 2 F- 02 , 2 F- 04 ).
  • Class C covers unauthorized apps as shown in cell ( 2 F- 03 , 2 F- 04 ).
  • class A apps As shown in cell ( 2 F- 01 , 2 F- 05 ), since these are authorized payment apps the OS does not restrict the access of these apps to sensitive data and functions. These apps are then placed in a relatively loose app class sandbox, with restrictions similar to, for example, the application sandbox in Security-Enhanced Linux (SE Linux), as shown in cell ( 2 F- 01 , 2 F- 06 ).
  • SE Linux Security-Enhanced Linux
  • class B apps As shown in cell ( 2 F- 02 , 2 F- 05 ), the OS restricts the access of these apps to sensitive data and functions, such as the functions for reading finance card data, and certain related functions for cryptographic operations. Therefore, these apps will not be able to impact such sensitive assets. It significantly reduces the effort of app approval processes.
  • the app class sandbox for class B apps therefore has restrictions on access to sensitive data and functions in addition to the restrictions of the app class sandbox for class A apps, as shown in cell ( 2 F- 02 , 2 F- 06 ).
  • class C apps As shown in cell ( 2 F- 03 , 2 F- 05 ), as the apps are not authorized by the vendor, in addition to the security objective for class B apps of restricting access to sensitive functions and data, the OS prevents these apps from requesting data from consumers and merchants, which may lead to security issues.
  • the risk with an unknown app is that the app can ask user to enter authentication information such as Personal-Identification-Number (PIN) or card account number.
  • PIN Personal-Identification-Number
  • a combination of one or more techniques is used to warn the user not to enter such information when running a class C app.
  • warning techniques operate independently of the app and have the following effect: If there is an unauthorized app displaying misleading messages requesting sensitive information such as payment data to be entered into the app, then since the app cannot control the operation of these techniques, the user will then be warned not to enter sensitive information into the app.
  • These methods include, for example:
  • the app class sandbox for class C apps therefore has extra restrictions when compared to the app class sandbox restrictions for class B apps.
  • the COTS device determines the class of the app being installed. The determination is based on, for example:
  • Steps 2 G- 01 to 2 G- 06 and 2 G- 08 are identical to steps 2 D- 01 to 2 D- 06 and 2 D- 08 of FIG. 2D . If in step 2 G- 06 the downloaded app passes the authentication process, then in step 2 G- 07 a determination is made as to whether the app is an EFTPOS vendor app. If no, then in step 2 G- 21 the app is installed as a class C app. If yes, then step 2 G- 11 is executed. Steps 2 G- 11 to 2 G- 17 are identical to steps 2 D- 11 to 2 D- 17 of FIG. 2D .
  • step 2 G- 18 a determination is made as to whether the app is a payment app. If it is a payment app in step 2 G- 19 the app is installed as a class A app. If not, then in step 2 G- 20 the app is installed as a class B app.
  • apps may require patches for bugs and vulnerabilities, upgrades and introductions of new features.
  • EFTPOS vendors traditionally these updates were distributed by terminal vendors, acquirers, or other third parties certified by electronic payment industrial standards.
  • the size of the new updates and patches are significantly larger in size than ordinary EFTPOS firmware and software, it implies a heavy loading to the traditional terminal-management-system or other traditional distribution channels, which is very undesirable.
  • the process outlined above in FIGS. 2D and 2G can be generalized to these other processes. This makes maintenance and updating of such apps easier as well, as most app stores are better equipped for maintenance and updating of apps. Furthermore, this makes it easier to improve Quality of Service (QoS), as app stores have established procedures to improve QoS. Then, the authenticity, authority, integrity and sensitive code privacy can be assured by such methods.
  • QoS Quality of Service
  • the payment application 102 - 4 transmits one or more prompts to one or more user devices 110 to indicate to the user to enter a card and a PIN.
  • FIG. 3 demonstrates a process for prompt transmission by the payment application 102 - 4 .
  • step 301 the payment application presents a payment screen on display 102 - 3 of COTS device 102 to user 101 .
  • An example of a payment screen 400 is presented in FIG. 4 .
  • Screen 400 displays items for purchase 401 , payment totals 402 and “pay” button 403 .
  • step 302 user 101 activates pay button 403 .
  • the payment application receives the input, and prompts the user to enter payment card 104 into the secure card reader.
  • step 303 the user is prompted to enter the payment card into the secure card reader 103 .
  • the secure card reader 103 is able to read information stored on the payment card and retrieve, for example, an email address associated with the user.
  • the payment application 102 - 4 running on COTS device 102 receives a set of signals from secure card reader 103 over connection 107 indicating that the payment card 104 has been entered into secure card reader 103 , and requesting a PIN number for verification.
  • the set of signals also comprises one or more addresses necessary to transmit one or more prompts to the user.
  • the payment application 102 - 4 transmits one or more signals to one or more devices other than COTS device 102 , wherein the one or more signals comprise one or more prompts to indicate to the user to enter a PIN.
  • this comprises a prompt transmitted to the secure card reader.
  • this comprises a prompt transmitted to one or one or more devices 110 over a messaging medium such as Short Message Service (SMS), email, instant messaging.
  • SMS Short Message Service
  • the device other than COTS device 102 receives the transmitted prompt and based on the transmitted prompt, indicates to the user to enter a PIN. In some embodiments, this comprises displaying an alert on a screen of the device other than the COTS device 102 . An example is shown in FIG. 5 . Alert 502 is displayed on, for example, screen 500 of secure card reader 103 .
  • step 307 based on the indication, the user enters a PIN on a PIN pad displayed by payment application 102 - 4 on a verification screen presented on the display of the COTS device 102 .
  • An example of the verification screen is presented in FIG. 6 .
  • verification screen 500 comprises background 601 , and a software PIN pad region 602 where the PIN pad is displayed.
  • the display parameters of the PIN pad are randomized. Systems and methods for randomization were described in U.S. patent application Ser. No. 16/166,353, to Tsai et al, filed Oct. 22, 2018.
  • FIG. 7A illustrates an example of a COTS device.
  • components 7 A- 01 to 7 A- 07 of COTS device 701 are similar to components 102 - 1 to 102 - 7 of COTS device 102 .
  • COTS device 701 also incorporates the functionalities of an additional randomization subsystem similar to randomization subsystem 7 A- 08 of FIG. 1 of U.S. patent application Ser. No. 16/166,353.
  • COTS device 701 comprises a separate randomization subsystem 7 A- 08 component. While in FIG.
  • additional randomization subsystem 7 A- 08 is shown as a separate component, one of skill in the art would know there are other ways to incorporate additional randomization subsystem 7 A- 08 into COTS device 701 .
  • payment application 7 A- 04 comprises an additional randomization subsystem.
  • processor 102 - 1 performs the functionalities of additional randomization subsystem 7 A- 08 .
  • Randomization subsystem 7 A- 08 performs the function of randomly selecting values for one or more variables related to at least one of said one or more display parameters. Randomization subsystem 7 A- 08 can be implemented in a variety of ways. In some embodiments, randomization subsystem 7 A- 08 is implemented in hardware. In some embodiments, randomization subsystem 7 A- 08 is implemented in software. In some embodiments, randomization subsystem 7 A- 08 is implemented using a combination of hardware and software. Randomization subsystem 7 A- 08 performs the random selections detailed below using one or more probability distributions. Examples of probability distributions which are used are, for example, the uniform distribution and the Gaussian distribution.
  • FIG. 7B A detailed example of a keypad on a touchscreen is shown in FIG. 7B .
  • display 7 A- 03 of COTS device 701 is a touchscreen.
  • this touchscreen will be referred to as touchscreen 7 A- 09 , and it is also part of input devices 7 A- 05 .
  • keypad 7 B- 03 is displayed within touchscreen 7 A- 09 .
  • Touchscreen 7 A- 09 has a width 7 B- 07 in the horizontal or x-direction; and a height 7 B- 05 in the vertical or y-direction.
  • Keypad 7 B- 03 has a width 7 B- 14 in the x-direction and a height 7 B- 09 in the y-direction.
  • randomization subsystem 7 A- 08 randomly selects only the location of the keypad relative to a corner of the touchscreen. Examples are shown below. In these embodiments, keypad width 7 B- 14 and keypad height 7 B- 09 are fixed.
  • the location of the bottom left corner of the keypad relative to the bottom left corner of touchscreen 7 A- 09 is given by the variables of (x,y) co-ordinates ( 7 B- 13 , 7 B- 11 ).
  • the range of possible values of the location x-co-ordinate 7 B- 13 is calculated based on the touchscreen width 7 B- 07 and the keypad width 7 B- 14 .
  • the range of possible values of the location y-co-ordinate 7 B- 11 is calculated based on the touchscreen height 7 B- 05 and the keypad height 7 B- 09 .
  • these calculations take into account the need for gaps between the vertical edges of the touchscreen 7 A- 09 and keypad 7 B- 03 ; and between the horizontal edges of the touchscreen 7 A- 09 and keypad 7 B- 03 . Examples are demonstrated below:
  • FIG. 7B While only one x-direction gap between the right edges of the touchscreen 7 A- 09 and keypad 7 B- 03 is shown in FIG. 7B , one of skill in the art would know that this is one example. In some embodiments, there is a second x-direction gap between the left edges of the touchscreen 7 A- 09 and keypad 7 B- 03 .
  • FIG. 7B While only one y-direction gap between the upper edges of the touchscreen 7 A- 09 and keypad 7 B- 03 is shown in FIG. 7B , one of skill in the art would know that this is one example. In some embodiments, there is a second y-direction gap between the bottom edges of the touchscreen 7 A- 09 and keypad 7 B- 03 .
  • the location x-co-ordinate 7 B- 13 is selected randomly from the range [0, (touchscreen width 7 B- 07 ) ⁇ (keypad width 7 B- 14 +x-direction gap 7 B- 12 )].
  • location y-co-ordinate 7 B- 11 is selected randomly from the range [0, (touchscreen height 7 B- 05 ) ⁇ (keypad height 7 B- 09 +y-direction gap 7 B- 08 )].
  • randomization subsystem 7 A- 08 based on one or more probability distributions such as the uniform distribution or the Gaussian distribution as explained above.
  • randomization subsystem 7 A- 08 only randomly selects the size of the keypad, that is, only the variables of keypad width 7 B- 14 and keypad height 7 B- 09 are randomly selected.
  • the ranges of available keypad widths and keypad heights take into account any requirements for gaps between the keypad and touchscreen edges. Examples are demonstrated below for a case where there are two x-direction gaps and two y-direction gaps.
  • the keypad width 7 B- 14 is randomly selected from the range [Xkeymin, (touchscreen width 7 B- 07 ) ⁇ 2 ⁇ (x-direction gap 7 B- 12 )], where Xkeymin is the minimum length of the keyboard in the x-direction.
  • the keypad height 7 B- 09 is randomly selected from the range [Ykeymin, touchscreen height 7 B- 05 ⁇ 2 ⁇ (y-direction gap 7 B- 08 )], where Ykeymin is the minimum height of the keyboard in the y-direction. Then the location co-ordinates ( 7 B- 13 , 7 B- 11 ) are calculated taking into account the randomly selected touchscreen width and height.
  • Location x-coordinate 7 B- 13 touchscreen width 7 B- 07 ⁇ keypad width 7 B- 14
  • Location y-coordinate 7 B- 11 touchscreen height 7 B- 05 ⁇ keypad height 7 B- 09
  • randomization subsystem 7 A- 08 only randomly selects the size of the buttons in the keypad. That is, keypad width 7 B- 14 , keypad height 7 B- 09 , the location x-co-ordinate 7 B- 13 and y-co-ordinate 7 B- 11 are all fixed. At least one of the heights and widths of the buttons within the keypad are randomly selected.
  • FIG. 7C illustrates a further detailed description of keypad 7 B- 03 .
  • Keypad 7 B- 03 comprises columns 7 C- 14 - 1 , 7 C- 14 - 2 and 7 C- 14 - 3 ; and rows 309 - 1 , 309 - 2 , 309 - 3 and 309 - 4 .
  • each button within keypad 7 B- 03 is referenced by [row, column] notation.
  • the button containing the number “1” is button [ 309 - 4 , 7 C- 14 - 1 ].
  • the width of columns 7 C- 14 - 1 , 7 C- 14 - 2 and 7 C- 14 - 3 are given by 7 C- 24 - 1 , 7 C- 24 - 2 and 7 C- 24 - 3 respectively.
  • the height of rows 7 C- 09 - 1 , 7 C- 09 - 2 , 7 C- 09 - 3 and 7 C- 09 - 4 are given by 7 C- 19 - 1 , 7 C- 19 - 2 , 7 C- 19 - 3 and 7 C- 19 - 4 respectively.
  • button [ 7 C- 09 - 4 , 7 C- 14 - 1 ] is 7 C- 24 - 1 and the height of button [ 7 C- 09 - 4 , 7 C- 14 - 1 ] is given by 7 C- 19 - 4 .
  • the row heights 7 C- 19 - 1 , 7 C- 19 - 2 , 7 C- 19 - 3 and 7 C- 19 - 4 are fixed, and the width of each column is randomly selected.
  • randomization subsystem 7 A- 08 randomly selects column width 7 C- 24 - 1 from the range [XBmin, (keypad width 7 B- 14 ) ⁇ 2 ⁇ XBmin], where XBmin is the minimum width of the button in the horizontal (x) direction.
  • step 7 D- 02 column width 7 C- 24 - 2 is randomly selected by randomization subsystem 7 A- 08 from the range [XBmin, (keypad width 7 B- 14 ) ⁇ ( 7 C- 24 - 1 +XBmin)].
  • step 7 D- 03 column width 7 C- 24 - 3 is then set to [keypad width 7 B- 14 ⁇ (column width 7 C- 24 - 1 +column width 7 C- 24 - 2 )].
  • the column widths are fixed, and the heights of each row are randomly selected.
  • row height 7 C- 19 - 1 is randomly selected by randomization subsystem 7 A- 08 from the range [YBmin, keypad height 7 B- 09 - 3 ⁇ YBmin], where YBmin is the minimum height of the button in the vertical (y) direction.
  • step 7 E- 02 row height 7 C- 19 - 2 is randomly selected by randomization subsystem 7 A- 08 from the range [YBmin, keypad height 7 B- 09 ⁇ (row height 7 C- 19 - 1 +2 ⁇ YBmin)].
  • step 7 E- 03 row height 7 C- 19 - 3 is randomly selected by randomization subsystem 7 A- 08 from the range [YBmin, keypad height 7 B- 09 ⁇ (row height 7 C- 19 - 1 +row height 7 C- 19 - 2 +YBmin)].
  • step 7 E- 04 row height 7 C- 19 - 4 is then set to keypad height 7 B- 09 —(row height 7 C- 19 - 1 +row height 7 C- 19 - 2 +row height 7 C- 19 - 3 ).
  • both row heights and column widths are randomly selected. This is a combination of the steps in FIGS. 7D and 7E .
  • FIG. 7F illustrates a detailed example for performance in series.
  • steps 7 F- 01 to 7 F- 03 are identical to steps 7 D- 01 to 7 D- 03 of FIG. 7D .
  • steps 7 F- 04 to 7 F- 07 are identical to steps 7 E- 01 to 7 E- 04 of FIG. 7E .
  • branch 7 G- 08 comprises steps 7 G- 01 to 7 G- 03 , which are identical to steps 7 F- 01 to 7 F- 03 of FIG. 7F .
  • Branch 7 G- 09 comprises the steps 7 G- 04 to 7 G- 07 , which are identical to steps 7 F- 04 to 7 F- 07 of FIG. 7F .
  • the steps of branches 7 G- 08 and 7 G- 09 are performed in parallel by randomization subsystem 7 A- 08 to improve processing speed.
  • one or more positions of groups of buttons are randomly selected by randomization subsystem 7 A- 08 .
  • Examples of such groups are the rows and columns on the keypad.
  • random selecting the positions of groups of buttons at least some of the positional relationships within the group are still maintained. For example, when the position of a row of buttons is changed, the horizontal relationships among the buttons within the row are still maintained. This is likely to reduce the difficulty faced by the user when compared to the case of complete randomization of button layout, where both horizontal and vertical relationships may be completely changed.
  • rollup parameter RP which is an integer greater than or equal to 1. This involves moving each row up RP times and “wrapping around” when it reaches the top.
  • FIG. 7H shows the starting position for the keypad.
  • the notation for the row references in FIG. 7H are 7 H- 01 -(row position).
  • the reference for row position 0 is denoted as 7 H- 01 - 0
  • the reference for row position 1 is denoted as 7 H- 01 - 1 and so on.
  • the notation for the column references in FIG. 4 are 7 H- 11 -(column position).
  • the reference for column position 0 is denoted as 7 H- 11 - 0
  • the reference for column position 1 is denoted as 7 H- 11 - 1 and so on.
  • New row position (Starting row position+RP) (mod 4), where mod denotes the integer modulo operation.
  • flipping columns by flip parameter (FP) which is an integer greater than or equal to 1.
  • FP flip parameter
  • FIG. 7H above shows the starting position for the keypad.
  • FP is randomly selected from a range [1, 2].
  • FIG. 7K A left to right mirror image of the starting position keypad in FIG. 7H is given in FIG. 7K .
  • column 7 C- 14 - 1 changes position to column position 7 H- 11 - 2
  • column position 7 C- 14 - 3 changes position to column position 7 H- 11 - 0 .
  • randomization subsystem 7 A- 08 makes a random selection from either the starting position or the horizontal mirrored position.
  • a vertical mirroring is used as shown in FIG. 7L .
  • the row positions of 7 C- 09 - 1 and 7 C- 09 - 4 in the starting position are interchanged, as are the row positions of 7 C- 09 - 2 and 7 C- 09 - 3 .
  • randomization subsystem 7 A- 08 makes a random selection from either the starting position or the vertical mirrored position.
  • FIG. 7M illustrates one example of a random selection of a combination of location of the keypad relative to a corner; and size of the keypad.
  • keypad width 7 B- 14 is selected randomly by randomization subsystem 7 A- 08 from the range [Xkeymin, (touchscreen width 7 B- 07 ⁇ 2 ⁇ x-direction gap 7 B- 12 )].
  • Xkeymin represents a minimum width for the keypad.
  • step 7 M- 02 randomization subsystem 7 A- 08 randomly selects keypad height 7 B- 09 from the range [Ykeymin, (touchscreen height 7 B- 05 ⁇ 2 ⁇ y-direction gap 7 B- 08 )].
  • Ykeymin represents a minimum height for the keypad.
  • step 7 M- 03 randomization subsystem 7 A- 08 randomly selects x-coordinate 7 B- 13 from the range [0, (touchscreen width 7 B- 07 ⁇ keypad width 7 B- 14 )].
  • step 7 M- 04 randomization subsystem 7 A- 08 randomly selects y-coordinate 7 B- 11 from the range [0, (touchscreen height 7 B- 05 ⁇ keypad height 7 B- 09 )].
  • sequences of random selections of combinations of display parameters are implemented. For example, a sequence for a combination of randomization of location of keypad, size of keypad, size of buttons and positions of groups of buttons is shown in FIG. 7N .
  • randomization subsystem 7 A- 08 randomly selects a size of the keypad 7 B- 03 as described above.
  • randomization subsystem 7 A- 08 randomly selects a location of the keypad 7 B- 03 using the process described above.
  • randomization subsystem 7 A- 08 randomly selects the size of the buttons of keypad 7 B- 03 as described above.
  • randomization subsystem 7 A- 08 randomly selects positions of groups of buttons as described above.
  • the COTS device combines the features of the devices shown in FIGS. 2A, 2C and 7A .
  • the COTS device implements the functionalities of randomization subsystem 7 A- 08 from FIG. 7A , and application installation controller 2 C- 08 shown in FIG. 2C . This enables implementation of the secure process for application installation and updating, and the randomization of the display parameters of the PIN pad for the same COTS device as described above.
  • One example of this disclosure includes a system to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device, said system comprising a secure card reader communicatively coupled to the COTS device via either a connection or a network, wherein the secure card reader receives a payment card, a payment application installed on the COTS device, and one or more devices other than the COTS device, wherein the one or more devices are communicatively coupled to the COTS device via the network; wherein the payment application installed on the COTS device transmits one or more prompts to the one or more devices other than the COTS device based on a set of signals received from the secure card reader, wherein the secure card reader transmits the set of signals after the payment card is received at the secure card reader, and wherein said one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.
  • PIN personal identification number
  • COTS commercial off the shelf
  • the at least one indication comprises at least one of a visual indication, an audio indication, and a motion indication.
  • the one or more devices other than the COTS device comprise the secure card reader.
  • the one or more devices other than the COTS device comprise a user device associated with the user.
  • the payment application transmits one or more prompts after a request is received from the secure card reader for the PIN.
  • the COTS device is coupled to an application store and a terminal management server (TMS) via a network
  • a vendor uploads the payment application to the application store
  • said COTS device downloads said application via said network
  • said TMS authorizes said COTS device to install and run said downloaded application
  • said TMS authenticates said application.
  • said vendor prior to said upload, said vendor encrypts one or more portions of said application, and said the COTS device obtains a decryption key from said TMS to decrypt said encrypted one or more portions after said authentication and authorization.
  • said encryption is operative to either prevent exposure of said one or more portions of said application outside a trusted environment, or prevent the application from performing critical or sensitive operations in unauthorized platforms.
  • said payment application displays a PIN pad having one or more display parameters on a display of said COTS device
  • said COTS device comprises a randomization subsystem to randomly select one or more variables related to at least one of one or more display parameters, wherein said one or more display parameters include a location of a keypad relative to an edge of a touchscreen, a size of said keypad, one or more sizes of one or more buttons within said keypad, and one or more positions of one or more groups of the one or more buttons within said keypad.
  • Another example of this disclosure includes a method to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device, said method comprising receiving a payment card on a secure card reader coupled to the COTS device, and transmitting, by a payment application running on the COTS device, one or more prompts to one or more devices other than the COTS device after said receiving, wherein said one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.
  • PIN personal identification number
  • COTS commercial off the shelf
  • the one or more devices other than the COTS device comprise either the secure card reader or a user device associated with the user.
  • the method further comprises receiving, by the COTS device, a request from the secure card reader for the PIN, wherein the transmitting of the one or more prompts occurs after the receiving of the request from the secure card reader.
  • the COTS device is coupled to an application store and a terminal management server (TMS) via a network
  • the method further comprises uploading, by a vendor, the payment application to the application store, and downloading, by said COTS device, said application via said network, wherein said TMS authorizes said COTS device to install and run said downloaded application.
  • TMS terminal management server
  • said TMS authenticates said application.
  • said vendor prior to said uploading, said vendor encrypts one or more portions of said application, and said COTS device obtains a decryption key from said TMS to decrypt said encrypted one or more portions after said authentication and authorization.
  • the method further comprises classifying said downloaded application into one of a plurality of classes, each of said plurality of classes corresponding to an app class sandbox, wherein said classifying is performed based on level of authorization and type of application.
  • the method further comprises uploading, by the vendor, either a patch or an upgrade to said payment application to said application store, wherein the COTS device downloads said patch or said upgrade via said network, and wherein after said downloading, said TMS authorizes said COTS device to install and run said patch or said upgrade.
  • the method further comprises displaying a PIN pad having one or more display parameters on a display of said COTS device, and randomly selecting one or more variables related to at least one of one or more display parameters, wherein said one or more display parameters comprise a location of a keypad relative to an edge of a touchscreen, a size of said keypad, one or more sizes of one or more buttons within said keypad, and one or more positions of one or more groups of the one or more buttons within said keypad.
  • said random selecting comprises either rolling up rows or flipping columns.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Cash Registers Or Receiving Machines (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A system to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device, the system comprising: a secure card reader communicatively coupled to the COTS device, and wherein the secure card reader receives a payment card; a payment application installed on the COTS device; and one or more devices other than the COTS device. The payment application installed on the COTS device transmits one or more prompts to the one or more devices other than the COTS device based on a set of signals received from the secure card reader. The secure card reader transmits the set of signals after the payment card is received at the secure card reader, and the one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This application is a continuation-in-part of Patent Cooperation Treaty Application No. PCT/CN2019/086235 to Tsai et al., filed May 9, 2019 and entitled SYSTEM AND METHOD FOR CONFIGURATION OF TERMINAL HARDWARE, which claims the benefit of U.S. Provisional Patent Application No. 62/668,866 to Tsai et al., filed May 15, 2018, entitled SYSTEM AND METHOD FOR CONFIGURATION OF TERMINAL HARDWARE, the specifications of which are incorporated herein by reference in their entirety. This application also is a continuation-in-part of U.S. patent application Ser. No. 16/166,353 to Tsai et al., filed Oct. 22, 2018 entitled SYSTEM AND METHOD FOR A KEYPAD ON A TOUCH SCREEN DEVICE, which claims the benefit of U.S. Provisional Patent Application No. 62/576,401, to Tsai et al, filed Oct. 24, 2017, entitled SYSTEM AND METHOD FOR A KEYPAD ON A TOUCH SCREEN DEVICE, the specifications of which are incorporated herein by reference in their entirety. This application also claims the benefit of U.S. Provisional Patent Application No. 62/721,795 to Tsai et al, filed Aug. 23, 2018, entitled SYSTEM AND METHOD FOR INDICATING ENTRY OF PERSONAL IDENTIFICATION NUMBER, the specification of which is incorporated herein by reference in its entirety.
TECHNICAL FIELD
The present disclosure relates to software-based personal identification number (PIN) entry on commercial off-the-shelf (COTS) devices.
BACKGROUND
In payment processes which utilize payment cards, usually the identification of the cardholder has to be verified. The following Cardholder Verification (CV) methods are usually used:
    • Signature verification, that is, where the cardholder signs his or her name on a piece of paper (on a receipt or an invoice), or
    • Personal Identification Number (PIN) verification, that is, where the cardholder enters his or her PIN on a secure PIN pad.
Typically an authentication process is based on the following 3 factors, or answering the following questions:
    • What I know, or the knowledge factor;
    • What I have, or the possession factor; and
    • What I am, or the inherence factor.
In a transaction which utilizes a PIN, the payment involves submitting
    • the payment card, which is an example of a possession factor; and
    • the PIN, which is an example of a knowledge factor.
    • These two factors form what is called a two-factor authentication which is a measure to protect against card fraud.
Because the PIN is a very sensitive piece of information, typically the pad used to enter PINs is a specialized hardware device which is highly secured against tampering or attempts to steal the PIN from its legitimate owner.
Initially, payment cards only had magnetic stripes. These could be read easily making it easy to counterfeit. This increased the attractiveness of PIN-based payment cards. Because of this, the importance of protection on PIN has become of paramount importance.
In recent years, the introduction of chip-based payment cards has greatly improved the security of payment cards. In particular, the Europay Mastercard Visa (EMV) chip card standard has become the international standard.
The migration from magnetic stripe cards to EMV payment cards has been a long process having varying progress in different countries. It is likely that in the near future, all payment cards will be moving to the EMV standards.
Recently, the Payment Card Industries Security Standards Council (PCI SSC) announced a new PCI Security Standard for software-based PIN entry on commercial off-the-shelf (COTS) devices. This standard is known as the Software-based PIN entry on Commercial Off The Shelf (SPoC) standard. The SPoC standard provides guidelines for PIN entry on a touch screen of a mobile phone or tablet without needing a physical secure PIN pad. It is also loosely referred to as PIN on Mobile (PoM) or PIN on Glass (PoG).
Typically in a system that would utilize PoM or PoG, the user can see the following:
    • a special card reader that he/she feels to be secure, as he/she know it is a special device that he/she seen in many stores/merchants and he/she cannot buy elsewhere; and
    • a COTS device that he/she is very familiar with, as it is a device he/she can buy anywhere, which may make him/her not that confident that the device is really capable of being used for the card transaction purpose.
As a consequence it may be difficult for the user to know whether the COTS device is genuine, and whether the user is safe in entering his/her confidential PIN.
There is therefore a need for a solution to give the user some degree of comfort and security before entering his or her PIN.
SUMMARY
A system to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device, said system comprising: a secure card reader coupled to the COTS device via a connection, and wherein the secure card reader receives a payment card; a payment application installed on the COTS device; and one or more devices other than the COTS device, wherein the payment application installed on the COTS device transmits one or more prompts to the one or more devices other than the COTS device based on a set of signals received from the secure card reader, further wherein the secure card reader transmits the set of signals after the payment card is received at the secure card reader, and wherein said one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.
A method to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device, said method comprising: receiving a payment card on a secure card reader coupled to the COTS device; and transmitting, by a payment application running on the COTS device, one or more prompts to one or more devices other than the COTS device after said receiving, wherein said one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.
BRIEF DESCRIPTION OF THE DRAWINGS
For a more complete understanding, reference is now made to the following description taken in conjunction with the accompanying Drawings in which:
FIG. 1 illustrates an example of a system to enable seamless transition for PIN entry in accordance with various embodiments of this disclosure;
FIG. 2A illustrates an example of a COTS device in accordance with various embodiments of this disclosure;
FIG. 2B illustrates an example of downloading and installing a payment application on a COTS device using a secure process for application installation and updating in accordance with various embodiments of this disclosure;
FIG. 2C illustrates an example of a COTS device incorporating an application installation controller in accordance with various embodiments of this disclosure;
FIG. 2D illustrates an example of a process for vendor distribution of applications in accordance with various embodiments of this disclosure;
FIG. 2E illustrates an example of a security measure to prevent a sensitive portion of an application from running on one or more unauthorized devices in accordance with various embodiments of this disclosure;
FIG. 2F illustrates an example of segregation of an application into different classes and utilization of application level sandboxes in accordance with various embodiments of this disclosure;
FIG. 2G illustrates an example of a method for vendor upload of applications incorporating classification of applications for different sandboxes in accordance with various embodiments of this disclosure;
FIG. 3 illustrates an example of a process for prompt transmission by a payment application in accordance with various embodiments of this disclosure;
FIG. 4 illustrates an example of a payment screen in accordance with various embodiments of this disclosure;
FIG. 5 illustrates an example of a display of an alert in accordance with various embodiments of this disclosure;
FIG. 6 illustrates an example of a verification screen in accordance with various embodiments of this disclosure;
FIG. 7A illustrates an example of a COTS device which incorporates a randomization subsystem in accordance with various embodiments of this disclosure;
FIG. 7B illustrates an example of a keypad displayed on a touchscreen in accordance with various embodiments of this disclosure;
FIG. 7C illustrates a detailed example of a keypad in accordance with various embodiments of this disclosure;
FIG. 7D illustrates an example of a process to randomly select the width of a button in accordance with various embodiments of this disclosure;
FIG. 7E illustrates an example of a process to randomly select the height of a button in accordance with various embodiments of this disclosure;
FIG. 7F illustrates an example of a process to select row heights and column widths in series in accordance with various embodiments of this disclosure;
FIG. 7G illustrates an example of a process to select row heights and column widths in parallel in accordance with various embodiments of this disclosure;
FIG. 7H illustrates a starting position for a keypad in accordance with various embodiments of this disclosure;
FIG. 7I illustrates an example of rolling up rows on a keypad in accordance with various embodiments of this disclosure;
FIG. 7J illustrates an example of flipping columns on a keypad in accordance with various embodiments of this disclosure;
FIG. 7K illustrates an example of a left to right mirrored keypad in accordance with various embodiments of this disclosure;
FIG. 7L illustrates an example of a vertically mirrored keypad in accordance with various embodiments of this disclosure;
FIG. 7M illustrates an example of random selection of two or more display parameters in combination in accordance with various embodiments of this disclosure; and
FIG. 7N illustrates an example of a sequence for a random selection of combinations of display parameters in accordance with various embodiments of this disclosure.
 DETAILED DESCRIPTION
Referring now to the drawings, wherein like reference numbers are used herein to designate like elements throughout, the various views and embodiments of a system and method for indicating entry of personal identification number are illustrated and described, and other possible embodiments are described. The figures are not necessarily drawn to scale, and in some instances the drawings have been exaggerated and/or simplified in places for illustrative purposes only. One of ordinary skill in the art will appreciate the many possible applications and variations based on the following examples of possible embodiments.
A system and method to reduce discontinuities and present a seamless transition from a payment application or “app” to the CV application is detailed below.
FIG. 1 illustrates an example of a system to enable seamless transition for PIN entry in accordance with various embodiments of this disclosure. User 101 interfaces with commercial off the shelf (COTS) device 102 to, for example, make payments. COTS device 102 is, for example, a smartwatch, smartphone, tablet, laptop, or any appropriate computing and network-enabled device.
An example of COTS device 102 is shown in FIG. 2A. Processor 102-1 performs processing functions and operations necessary for the operation of COTS device 102, using data and programs stored in storage 102-2. An example of such a program is payment application 102-4. Display 102-3 performs the function of displaying data and information for user 101. Input devices 102-5 allow user 101 to enter information. This includes, for example, devices such as a touch screen, mouse, keypad, keyboard, microphone, camera, video camera and so on. In some embodiments, display 102-3 is a touchscreen which means it is also part of input devices 102-5. Communications module 102-6 allows COTS device 102 to communicate with devices and networks external to COTS device 102. This includes, for example, communications via BLUETOOTH®, Wi-Fi, Near Field Communications (NFC), Radio Frequency Identification (RFID), 3G, Long Term Evolution (LTE), Universal Serial Bus (USB) and other protocols known to those of skill in the art. Sensors 102-7 perform functions to sense or detect environmental or locational parameters. Sensors 102-7 include, for example, accelerometers, gyroscopes, magnetometers, barometers, Global Positioning System (GPS), proximity sensors and ambient light sensors. The components of COTS device 102 are coupled to each other as shown in FIG. 2A.
Returning to FIG. 1, secure card reader 103 is communicatively coupled to COTS device 102 via either connection 107 or networks 105. In certain embodiments, secure card reader 103 is coupled to server 106 via networks 105. Secure card reader 103 is functional to read payment cards such as payment card 104. Payment card 104 is, for example, a credit card or a debit card. In some embodiments, payment card 104 has a chip, such as an EMV chip. In yet other embodiments, payment card 104 has a magnetic stripe. In yet other embodiments, payment card 104 is enabled for near field communications (NFC).
In some embodiments, secure card reader 103 is able to read payment cards having magnetic stripes, chips, and NFC capabilities.
Networks 105 can be implemented using a variety of networking and communications technologies. In some embodiments, networks 105 are implemented using wired technologies such as Firewire, Universal Serial Bus (USB), Ethernet and optical networks. In some embodiments, networks 105 are implemented using wireless technologies such as WiFi, BLUETOOTH®, NFC, 3G and LTE. In some embodiments, networks 105 are implemented using satellite communications links. In some embodiments, the communication technologies stated above include, for example, technologies related to a local area network (LAN), a campus area network (CAN) or a metropolitan area network (MAN). In yet other embodiments, networks 105 are implemented using terrestrial communications links. In some embodiments, networks 105 comprise at least one public network. In some embodiments, networks 105 comprise at least one private network. In some embodiments, networks 105 comprise one or more subnetworks. In some of these embodiments, some of the subnetworks are private. In some of these embodiments, some of the subnetworks are public. In some embodiments, communications within networks 105 are encrypted.
As explained above, COTS device 102 is coupled to secure card reader 103 via, for example, connection 107 or networks 105. Connection 107 is implemented using technologies which enable communicative coupling between COTS device 102 and secure card reader 103. Examples of connection 107 include:
    • A connection via an audio jack on COTS device 102,
    • A connection via a Universal Serial Bus (USB) or Firewire connection on COTS device 102,
    • BLUETOOTH® connection,
    • NFC connection, and
    • Wi-Fi connection.
Server 106 performs back-end processing as necessary. This back-end processing is performed to facilitate, for example, payment flows and cardholder verification. As previously stated, in some embodiments server 106 is coupled to secure card reader 103 via networks 105. In some embodiments, server 106 is coupled to COTS device 102 via networks 105. Server 106 can be implemented in a variety of ways. In some embodiments, server 106 is implemented using a single server. In other embodiments, server 106 is implemented using a plurality of devices. In some embodiments, server 106 is implemented using some combination of hardware and software. In yet other embodiments, server 106 is implemented in a distributed fashion, whereby the components of server 106 are situated at one or more locations.
Additionally, the user has one or more user devices 110 associated with the user. These include, for example, smartwatches, smartphones, tablets, laptops, desktops or any appropriate computing and network-enabled device. In some embodiments, these one or more user devices 110 are communicatively coupled to networks 105 so as to transmit communications to, and receive communications from networks 105.
Payment application 102-4 of FIG. 2A will now be discussed in more detail. Payment application 102-4 is functional to implement a payment process for a vendor. It serves to accept price inputs, calculate price totals and so on. In some embodiments, it also performs functions such as displaying a PIN pad for the user to enter a PIN. It also interacts with secure card reader 103 as necessary and transmits prompts to other devices and to other components of FIG. 1 such as server 106 as necessary.
In some embodiments, the payment application 102-4 is downloaded and installed on COTS device 102 using a secure process for application installation and updating as described in Patent Cooperation Treaty Application No. PCT/CN2019/086235 to Tsai et al, filed May 9, 2019.
An example of such a process is described below with reference to FIGS. 2B to 2G. In FIG. 2B, COTS device 2B-01 is similar to COTS device 102 and includes an additional application installation controller. A detailed example of COTS device 2B-01 is shown in FIG. 2C. Components 2C-01 to 2C-07 are similar to components 102-1 to 102-7 of COTS device 102 respectively. Additionally, COTS device 2B-01 comprises application or “app” installation controller 2C-08 for installation of payment application 2C-04 which is similar to payment application 102-4. This will be described in further detail below.
COTS device 2B-01 is also coupled to terminal management server (TMS) 2B-02 via network 2B-05, which is similar to networks 105. TMS 2B-02 performs the functions of acquiring and processing payment transactions from COTS device 2B-01, and communicating with COTS device 2B-01 to perform identification, verification, authorization and authentication functions. TMS 2B-02 receives and transmits information and also performs encryption and decryption as necessary. In some embodiments, communications between TMS 2B-02 and COTS device 2B-01 are performed using encrypted channels.
Application or “app” store 2B-03 stores one or more apps and allows apps to be uploaded from vendors 2B-04. Apps are distributed from app store 2B-03 to COTS device 2B-01.
All of these components are communicatively coupled to each other by networks 2B-05, which as explained previously is similar to networks 105.
As explained above, in some embodiments, TMS 2B-02 and COTS device 2B-01 communicate with each other over networks 2B-05 using encrypted channels. Examples of encryption techniques used include:
    • symmetric encryption techniques, such as those based on shared secrets, and
    • asymmetric encryption techniques.
In some embodiments, COTS device 2B-01 communicates with TMS 2B-02 to indicate to TMS 2B-02 that it wants to install and run an app. The TMS 2B-02 then performs the following functions:
    • Granting of authorization for COTS device 2B-01 to install and run the app, and
    • Vendor-based authentication for COTS device 2B-01 to install and run the app. The communications necessary to perform these functions are, as explained previously, encrypted.
Therefore, since only authorized devices would be able to communicate with the TMS 2B-02 using an encrypted channel, this alleviates the concern of payment apps running on unauthorized devices such as generic smart devices. This also removes the need for extra authorization mechanisms such as out-of-band license keys.
An example of a process for vendor distribution of apps including the TMS 2B-02 providing authentication for COTS device 2B-01 before installation and running of the app is illustrated in FIG. 2D.
In step 2D-01 the payment app 2C-04 is uploaded into the app store 2B-03. In step 2D-02 the user requests download of the app via COTS device 2B-01 from the app store 2B-03. In step 2D-03 the app image is hashed using a hash function on the app store 2B-03 to create a hash value. The resulting hash value is then signed with the app store private key. In step 2D-04 the app image is bundled with the signed application hash and transmitted to the COTS device 2B-01. In step 2D-05, the COTS device 2B-01 authenticates the downloaded app 2C-04, to determine whether it is from the app store 2B-03. The encrypted application hash is decrypted using the app store public key, and the downloaded app image is hashed on the COTS device 2B-01 using the same hash function which is on the app store 2B-03. The decrypted hash and the hash corresponding to the downloaded app image are compared to verify that the app image has
    • authenticity, that is, the app image is real, and
    • integrity, that is, the app image is good.
In step 2D-06 the authentication process is carried out. If the downloaded app does not pass the authentication process in step 2D-06, then in step 2D-08, the app 2C-04 is deleted from COTS device 2B-01.
In step 2D-11 of FIG. 2D, the app installation controller 2C-08 on COTS device 2B-01 calculates the hash value of the app image. This is performed using, for example, a hash function stored in storage 2C-03 of COTS device 2B-01.
In step 2D-12, the COTS device 2B-01 then signs the app image prior to transmission to the TMS 2B-02. This step comprises encrypting the resultant hash by a unique-per-device key and submitting the signature together with the app image to TMS 2B-02. In some embodiments, a symmetric key arrangement is used, that is, where TMS 2B-02 uses the same key as COTS device 2B-01 for decryption. In some embodiments, the signing then utilizes a symmetric key or some means based on a shared secret for TMS 2B-02 to derive such a symmetric key. An example is where TMS 2B-02 derives a symmetric key from a base-key and a unique number from COTS device 2B-01.
In some embodiments, an asymmetric key arrangement is used, that is, where TMS 2B-02 uses a different key to COTS device 2B-01 for decryption. An example would be where COTS device 2B-01 has a private key and sends the signature with a certification of its public key, so the TMS 2B-02 can verify and extract the terminal public key and using it for verifying the signature.
Steps 2D-13 to 2D-17 concern the authorization and authentication steps performed by TMS 2B-02. In step 2D-13, TMS 2B-02 receives the signed app image, and decrypts the received encrypted hash. In step 2D-14, TMS 2B-02 calculates a hash for the received app image using a stored hash function. In step 2D-15, TMS 2B-02 compares the two hash values. If the two hash values match each other, then in step 2D-16 TMS 2B-02 authenticates the app and authorizes the COTS device 2B-01 to install and run the app. If the two hash values do not match each other, then in step 2D-17, TMS 2B-02 instructs COTS device 2B-01 that the app is not valid.
While the above describes a situation where the key is unique per device, there are other possibilities. For example, the keys can be unique per account, unique per session or unique per download. This offers more security compared to the prior art where the keys are limited to being unique per app image.
Since the signature for vendor app authentication no longer needs to be bundled with the app download package, the app is transparent to the standard app store. This is because the process of downloading the app is then similar to the process of downloading other non-payment apps. This makes it easier to use an app store for the purposes of distribution and managing of payment apps for terminals.
As the apps for the COTS device 2B-01 are intended to be distributed in normal smart device platform app stores, such as the Google® Play store, devices other than those intended for payment may download and run the apps. This is not desirable. As explained above, one security measure is the requirement for a device to communicate with TMS 2B-02 over an encrypted channel. FIG. 2E shows an example of a further security measure to prevent the sensitive part of the app from running on unauthorized devices. In FIG. 2E:
    • The vendor 2B-04 encrypts the one or more portions of the app code which handle sensitive operations prior to uploading the app to the app store, as shown in step 2E-01, and
    • Once the app is authenticated and authorized by the TMS 2B-02 for installation and running on COTS device 2B-01 following the process of FIG. 2D, the COTS device 2B-01 obtains a decryption key from the TMS 2B-02 to decrypt the encrypted one or more portions of the app image in step 2E-02.
Steps 2E-01 and 2E-02 work to prevent the protected code segment from being exposed outside a trusted execution environment, and the protected code segment prevents the app from performing critical/sensitive operations in devices or platforms other than intended devices with intended Electronic Funds Transfer Point of Sale (EFTPOS) platforms.
In some embodiments, app class sandboxes are employed to protect system resources and applications from being accessed by unauthorized apps. In some embodiments, the apps are divided into 3 classes, each having a corresponding app class sandbox, so as to achieve segregation of applications based on level of authorization and type of application. In some embodiments, these app class sandboxes are employed in addition to, for example, existing Linux/Android sandboxes.
An example of this segregation into different classes followed by utilization of app level sandboxes is shown in FIG. 2F. FIG. 2F shows the properties of each class in table 2F-00. Row 2F-01 of FIG. 2F corresponds to class A, row 2F-02 of FIG. 2F corresponds to class B, and row 2F-03 corresponds to class C. Column 2F-04 describes the types of app covered in each class, column 2F-05 describes the security objective of each class, and column 2F-06 describes the control means. For the remainder of this description each cell of the table 2F-00 is denoted by (row, column). For example, the cell which indicates the type of app covered in class A is in the cell within row 2F-01 and column 2F-04, and will be denoted as (2F-01, 2F-04).
Class A covers authorized payment apps, as shown in cell (2F-01, 2F-04). Class B covers authorized non-payment apps as shown in cell (2F-02, 2F-04). Class C covers unauthorized apps as shown in cell (2F-03, 2F-04).
The security objectives for each class are different. For class A apps: As shown in cell (2F-01, 2F-05), since these are authorized payment apps the OS does not restrict the access of these apps to sensitive data and functions. These apps are then placed in a relatively loose app class sandbox, with restrictions similar to, for example, the application sandbox in Security-Enhanced Linux (SE Linux), as shown in cell (2F-01, 2F-06).
For class B apps, as shown in cell (2F-02, 2F-05), the OS restricts the access of these apps to sensitive data and functions, such as the functions for reading finance card data, and certain related functions for cryptographic operations. Therefore, these apps will not be able to impact such sensitive assets. It significantly reduces the effort of app approval processes. The app class sandbox for class B apps therefore has restrictions on access to sensitive data and functions in addition to the restrictions of the app class sandbox for class A apps, as shown in cell (2F-02, 2F-06).
For class C apps, as shown in cell (2F-03, 2F-05), as the apps are not authorized by the vendor, in addition to the security objective for class B apps of restricting access to sensitive functions and data, the OS prevents these apps from requesting data from consumers and merchants, which may lead to security issues. Specifically, for EFTPOS, the risk with an unknown app is that the app can ask user to enter authentication information such as Personal-Identification-Number (PIN) or card account number. In some embodiments, a combination of one or more techniques is used to warn the user not to enter such information when running a class C app. These warning techniques operate independently of the app and have the following effect: If there is an unauthorized app displaying misleading messages requesting sensitive information such as payment data to be entered into the app, then since the app cannot control the operation of these techniques, the user will then be warned not to enter sensitive information into the app. These methods include, for example:
    • Screen watermarking,
    • Screen flying stamp,
    • Screen status bar,
    • Screen border,
    • Screen overlay,
    • Dedicated light indicator,
    • Warning sound, and
    • Warning vibration.
The app class sandbox for class C apps therefore has extra restrictions when compared to the app class sandbox restrictions for class B apps.
It would be known to one of skill in the art that the approach described above and in FIG. 2F is generalizable to more than 3 classes.
In some embodiments, the COTS device determines the class of the app being installed. The determination is based on, for example:
    • attribute field from the app,
    • the signing key of the app, or
    • the information from TMS 2B-02 when the app is being authenticated.
An example of a method for vendor upload of apps incorporating classification of apps so as to determine the relevant app class sandbox is illustrated in FIG. 2G. Steps 2G-01 to 2G-06 and 2G-08 are identical to steps 2D-01 to 2D-06 and 2D-08 of FIG. 2D. If in step 2G-06 the downloaded app passes the authentication process, then in step 2G-07 a determination is made as to whether the app is an EFTPOS vendor app. If no, then in step 2G-21 the app is installed as a class C app. If yes, then step 2G-11 is executed. Steps 2G-11 to 2G-17 are identical to steps 2D-11 to 2D-17 of FIG. 2D. In step 2G-18 a determination is made as to whether the app is a payment app. If it is a payment app in step 2G-19 the app is installed as a class A app. If not, then in step 2G-20 the app is installed as a class B app.
Typically, apps may require patches for bugs and vulnerabilities, upgrades and introductions of new features. For EFTPOS vendors, traditionally these updates were distributed by terminal vendors, acquirers, or other third parties certified by electronic payment industrial standards. However, as the size of the new updates and patches are significantly larger in size than ordinary EFTPOS firmware and software, it implies a heavy loading to the traditional terminal-management-system or other traditional distribution channels, which is very undesirable.
In some embodiments, the process outlined above in FIGS. 2D and 2G can be generalized to these other processes. This makes maintenance and updating of such apps easier as well, as most app stores are better equipped for maintenance and updating of apps. Furthermore, this makes it easier to improve Quality of Service (QoS), as app stores have established procedures to improve QoS. Then, the authenticity, authority, integrity and sensitive code privacy can be assured by such methods.
As part of the payment process, the payment application 102-4 transmits one or more prompts to one or more user devices 110 to indicate to the user to enter a card and a PIN. FIG. 3 demonstrates a process for prompt transmission by the payment application 102-4.
In step 301, the payment application presents a payment screen on display 102-3 of COTS device 102 to user 101. An example of a payment screen 400 is presented in FIG. 4. Screen 400 displays items for purchase 401, payment totals 402 and “pay” button 403.
In step 302, user 101 activates pay button 403. The payment application receives the input, and prompts the user to enter payment card 104 into the secure card reader.
In step 303, the user is prompted to enter the payment card into the secure card reader 103. The secure card reader 103 is able to read information stored on the payment card and retrieve, for example, an email address associated with the user.
In step 304, the payment application 102-4 running on COTS device 102 receives a set of signals from secure card reader 103 over connection 107 indicating that the payment card 104 has been entered into secure card reader 103, and requesting a PIN number for verification. In some embodiments, the set of signals also comprises one or more addresses necessary to transmit one or more prompts to the user.
In step 305, the payment application 102-4 transmits one or more signals to one or more devices other than COTS device 102, wherein the one or more signals comprise one or more prompts to indicate to the user to enter a PIN. In some embodiments, this comprises a prompt transmitted to the secure card reader. In some embodiments, this comprises a prompt transmitted to one or one or more devices 110 over a messaging medium such as Short Message Service (SMS), email, instant messaging.
In step 306, the device other than COTS device 102 receives the transmitted prompt and based on the transmitted prompt, indicates to the user to enter a PIN. In some embodiments, this comprises displaying an alert on a screen of the device other than the COTS device 102. An example is shown in FIG. 5. Alert 502 is displayed on, for example, screen 500 of secure card reader 103.
As would be known to one of skill in the art, other forms of indication can also be used, for example:
    • Visual indication, such as a flashing light/LED on the device other than the COTS device.
    • Audio indication, such as a beep sound from buzzer on the device other than the COTS device.
    • Motion indication, including vibration or movement on the device other than the COTS device.
In step 307, based on the indication, the user enters a PIN on a PIN pad displayed by payment application 102-4 on a verification screen presented on the display of the COTS device 102. An example of the verification screen is presented in FIG. 6. In FIG. 6, verification screen 500 comprises background 601, and a software PIN pad region 602 where the PIN pad is displayed.
In some embodiments, the display parameters of the PIN pad are randomized. Systems and methods for randomization were described in U.S. patent application Ser. No. 16/166,353, to Tsai et al, filed Oct. 22, 2018.
Examples are shown below in FIGS. 7A-7N. FIG. 7A illustrates an example of a COTS device. In FIG. 7A, components 7A-01 to 7A-07 of COTS device 701 are similar to components 102-1 to 102-7 of COTS device 102. COTS device 701 also incorporates the functionalities of an additional randomization subsystem similar to randomization subsystem 7A-08 of FIG. 1 of U.S. patent application Ser. No. 16/166,353. In some embodiments, as shown in FIG. 7A, COTS device 701 comprises a separate randomization subsystem 7A-08 component. While in FIG. 7A additional randomization subsystem 7A-08 is shown as a separate component, one of skill in the art would know there are other ways to incorporate additional randomization subsystem 7A-08 into COTS device 701. For example, in some embodiments, payment application 7A-04 comprises an additional randomization subsystem. In some embodiments, processor 102-1 performs the functionalities of additional randomization subsystem 7A-08.
Randomization subsystem 7A-08 performs the function of randomly selecting values for one or more variables related to at least one of said one or more display parameters. Randomization subsystem 7A-08 can be implemented in a variety of ways. In some embodiments, randomization subsystem 7A-08 is implemented in hardware. In some embodiments, randomization subsystem 7A-08 is implemented in software. In some embodiments, randomization subsystem 7A-08 is implemented using a combination of hardware and software. Randomization subsystem 7A-08 performs the random selections detailed below using one or more probability distributions. Examples of probability distributions which are used are, for example, the uniform distribution and the Gaussian distribution.
A detailed example of a keypad on a touchscreen is shown in FIG. 7B. As explained previously, in some embodiments, display 7A-03 of COTS device 701 is a touchscreen. In the following explanations, this touchscreen will be referred to as touchscreen 7A-09, and it is also part of input devices 7A-05. In FIG. 7B, keypad 7B-03 is displayed within touchscreen 7A-09. Touchscreen 7A-09 has a width 7B-07 in the horizontal or x-direction; and a height 7B-05 in the vertical or y-direction. Keypad 7B-03 has a width 7B-14 in the x-direction and a height 7B-09 in the y-direction. There is an x-direction gap 7B-12 between the vertical edge of the touchscreen and the vertical edge of the keypad, such that keypad width 7B-14 is less than touchscreen width 7B-07. Similarly, there is a y-direction gap 7B-08 between the horizontal edge of the touchscreen and the horizontal edge of the keypad, such that keypad height 7B-09 is less than touchscreen height 7B-05.
In some embodiments, randomization subsystem 7A-08 randomly selects only the location of the keypad relative to a corner of the touchscreen. Examples are shown below. In these embodiments, keypad width 7B-14 and keypad height 7B-09 are fixed.
The location of the bottom left corner of the keypad relative to the bottom left corner of touchscreen 7A-09 is given by the variables of (x,y) co-ordinates (7B-13, 7B-11). The range of possible values of the location x-co-ordinate 7B-13 is calculated based on the touchscreen width 7B-07 and the keypad width 7B-14. Similarly, the range of possible values of the location y-co-ordinate 7B-11 is calculated based on the touchscreen height 7B-05 and the keypad height 7B-09.
In some embodiments, these calculations take into account the need for gaps between the vertical edges of the touchscreen 7A-09 and keypad 7B-03; and between the horizontal edges of the touchscreen 7A-09 and keypad 7B-03. Examples are demonstrated below:
The maximum value of the location x-co-ordinate 7B-13 is calculated based on the touchscreen width 7B-07 and the keypad width 7B-14. In some embodiments, this takes into account any x-direction gaps. For example, in some embodiments, the maximum value of the location x-co-ordinate 7B-13 given by the difference between touchscreen width 7B-07 and keypad width 7B-14 and an x-direction gap 7B-12 between the right edge of the touchscreen 7A-09 and keypad 7B-03. That is:
Maximum value of location x-co-ordinate 7B-13=(touchscreen width 7B-07)−(keypad width 7B-14+x-direction gap 7B-12)
While only one x-direction gap between the right edges of the touchscreen 7A-09 and keypad 7B-03 is shown in FIG. 7B, one of skill in the art would know that this is one example. In some embodiments, there is a second x-direction gap between the left edges of the touchscreen 7A-09 and keypad 7B-03.
Similarly, the maximum value of the location y-co-ordinate 7B-11 is calculated based on the touchscreen height 7B-05 and the keypad height 7B-09. In some embodiments, this takes into account any y-direction gaps. For example, in some embodiments, the maximum value of the location y-co-ordinate 7B-11 given by the difference between touchscreen height 7B-05 and keypad height 7B-09 and a y-direction gap 7B-08 between the upper edges of the touchscreen 7A-09 and keypad 7B-03. That is:
Maximum value of location y-co-ordinate 7B-11=(touchscreen height 7B-05)−(keypad height 7B-09+y-direction gap 7B-08)
While only one y-direction gap between the upper edges of the touchscreen 7A-09 and keypad 7B-03 is shown in FIG. 7B, one of skill in the art would know that this is one example. In some embodiments, there is a second y-direction gap between the bottom edges of the touchscreen 7A-09 and keypad 7B-03.
Then, in the example corresponding to a single x-direction gap, the location x-co-ordinate 7B-13 is selected randomly from the range [0, (touchscreen width 7B-07)−(keypad width 7B-14 +x-direction gap 7B-12)]. Similarly, in the example corresponding to a single y-direction gap, location y-co-ordinate 7B-11 is selected randomly from the range [0, (touchscreen height 7B-05)−(keypad height 7B-09+y-direction gap 7B-08)].
In the example corresponding to two x-direction gaps, the location x-co-ordinate 7B-13 is selected randomly from the range [x-direction gap 7B-12, (touchscreen width 7B-07)−(keypad width 7B-14 +x-direction gap 7B-12)]. Similarly, in the example corresponding to two y-direction gaps, location y-co-ordinate 7B-11 is selected randomly from the range [y-direction gap 7B-08, (touchscreen height 7B-05)−(keypad height 7B-09+y-direction gap 7B-08)].
These variables are randomly selected by randomization subsystem 7A-08 based on one or more probability distributions such as the uniform distribution or the Gaussian distribution as explained above.
In this way, the location of the keypad (7B-13, 7B-11) is randomly distributed. Therefore, the locations of each of the buttons are not fixed in time as well. This makes it difficult for an attacker to guess the coordinates of user interactions with keypad 7B-03 on touchscreen 7A-09.
In some embodiments, randomization subsystem 7A-08 only randomly selects the size of the keypad, that is, only the variables of keypad width 7B-14 and keypad height 7B-09 are randomly selected. In some embodiments, the ranges of available keypad widths and keypad heights take into account any requirements for gaps between the keypad and touchscreen edges. Examples are demonstrated below for a case where there are two x-direction gaps and two y-direction gaps.
With reference to FIG. 7B, in some embodiments, the keypad width 7B-14 is randomly selected from the range [Xkeymin, (touchscreen width 7B-07)−2×(x-direction gap 7B-12)], where Xkeymin is the minimum length of the keyboard in the x-direction. The keypad height 7B-09 is randomly selected from the range [Ykeymin, touchscreen height 7B-05−2×(y-direction gap 7B-08)], where Ykeymin is the minimum height of the keyboard in the y-direction. Then the location co-ordinates (7B-13,7B-11) are calculated taking into account the randomly selected touchscreen width and height.
Location x-coordinate 7B-13=touchscreen width 7B-07keypad width 7B-14 Location y-coordinate 7B-11=touchscreen height 7B-05keypad height 7B-09
In some embodiments, randomization subsystem 7A-08 only randomly selects the size of the buttons in the keypad. That is, keypad width 7B-14, keypad height 7B-09, the location x-co-ordinate 7B-13 and y-co-ordinate 7B-11 are all fixed. At least one of the heights and widths of the buttons within the keypad are randomly selected.
This is demonstrated further below. FIG. 7C illustrates a further detailed description of keypad 7B-03. Keypad 7B-03 comprises columns 7C-14-1, 7C-14-2 and 7C-14-3; and rows 309-1, 309-2, 309-3 and 309-4. In this example, each button within keypad 7B-03 is referenced by [row, column] notation. For example, the button containing the number “1” is button [309-4, 7C-14-1].
The width of columns 7C-14-1, 7C-14-2 and 7C-14-3 are given by 7C-24-1, 7C-24-2 and 7C-24-3 respectively. The height of rows 7C-09-1, 7C-09-2, 7C-09-3 and 7C-09-4 are given by 7C-19-1, 7C-19-2, 7C-19-3 and 7C-19-4 respectively. Then the width of button [7C-09-4, 7C-14-1] is 7C-24-1 and the height of button [7C-09-4, 7C-14-1] is given by 7C-19-4.
Examples to randomly select at least one of button widths and button heights of keypad 7B-03 are then presented below.
In some embodiments, the row heights 7C-19-1, 7C-19-2, 7C-19-3 and 7C-19-4 are fixed, and the width of each column is randomly selected. With reference to FIG. 7D, in step 7D-01 randomization subsystem 7A-08 randomly selects column width 7C-24-1 from the range [XBmin, (keypad width 7B-14)−2×XBmin], where XBmin is the minimum width of the button in the horizontal (x) direction.
In step 7D-02, column width 7C-24-2 is randomly selected by randomization subsystem 7A-08 from the range [XBmin, (keypad width 7B-14)−(7C-24-1+XBmin)].
In step 7D-03, column width 7C-24-3 is then set to [keypad width 7B-14−(column width 7C-24-1+column width 7C-24-2)].
In some embodiments, the column widths are fixed, and the heights of each row are randomly selected. With reference to FIG. 7E, in step 7E-01, row height 7C-19-1 is randomly selected by randomization subsystem 7A-08 from the range [YBmin, keypad height 7B-09-3×YBmin], where YBmin is the minimum height of the button in the vertical (y) direction.
In step 7E-02, row height 7C-19-2 is randomly selected by randomization subsystem 7A-08 from the range [YBmin, keypad height 7B-09−(row height 7C-19-1+2×YBmin)].
In step 7E-03, row height 7C-19-3 is randomly selected by randomization subsystem 7A-08 from the range [YBmin, keypad height 7B-09−(row height 7C-19-1+row height 7C-19-2+YBmin)].
In step 7E-04, row height 7C-19-4 is then set to keypad height 7B-09—(row height 7C-19-1+row height 7C-19-2+row height 7C-19-3).
In some embodiments, both row heights and column widths are randomly selected. This is a combination of the steps in FIGS. 7D and 7E.
In some embodiments, this is performed in series. FIG. 7F illustrates a detailed example for performance in series. With reference to FIG. 7F, steps 7F-01 to 7F-03 are identical to steps 7D-01 to 7D-03 of FIG. 7D. Steps 7F-04 to 7F-07 are identical to steps 7E-01 to 7E-04 of FIG. 7E.
In some embodiments, this is performed in parallel as shown in FIG. 7G. In FIG. 7G branch 7G-08 comprises steps 7G-01 to 7G-03, which are identical to steps 7F-01 to 7F-03 of FIG. 7F. Branch 7G-09 comprises the steps 7G-04 to 7G-07, which are identical to steps 7F-04 to 7F-07 of FIG. 7F. The steps of branches 7G-08 and 7G-09 are performed in parallel by randomization subsystem 7A-08 to improve processing speed.
In some embodiments, one or more positions of groups of buttons are randomly selected by randomization subsystem 7A-08. Examples of such groups are the rows and columns on the keypad. By random selecting the positions of groups of buttons, at least some of the positional relationships within the group are still maintained. For example, when the position of a row of buttons is changed, the horizontal relationships among the buttons within the row are still maintained. This is likely to reduce the difficulty faced by the user when compared to the case of complete randomization of button layout, where both horizontal and vertical relationships may be completely changed.
As would be appreciated by one of skill in the art, in a keypad such as that shown in FIG. 7B, there are 4!=24 possible row arrangements and 3!=6 possible column arrangements. In some embodiments, one of these row arrangements or column arrangement are randomly selected. By doing so, it is possible to increase the difficulty faced by an attacker in determining the coordinates of touchscreen interactions by a user.
Another possibility is “rolling” up the rows by rollup parameter RP, which is an integer greater than or equal to 1. This involves moving each row up RP times and “wrapping around” when it reaches the top. An example is demonstrated below:
FIG. 7H shows the starting position for the keypad. The notation for the row references in FIG. 7H are 7H-01-(row position). For example, the reference for row position 0 is denoted as 7H-01-0; the reference for row position 1 is denoted as 7H-01-1 and so on. The notation for the column references in FIG. 4 are 7H-11-(column position). For example, the reference for column position 0 is denoted as 7H-11-0, the reference for column position 1 is denoted as 7H-11-1 and so on.
Initially
    • row 7C-09-1 is in row position 0, referenced as 7H-01-0;
    • row 7C-09-2 is in row position 1, referenced as 7H-01-1;
    • row 7C-09-3 is in row position 2, referenced as 7H-01-2;
    • row 7C-09-4 is in row position 3, referenced as 7H-01-3;
    • column 7C-14-1 is in column position 0, referenced as 7H-11-0;
    • column 7C-14-2 is in column position 1, referenced as 7H-11-1; and
    • column 7C-14-3 is in column position 2, referenced as 7H-11-2.
Then RP is randomly selected from a range [1, 3]. The new row position is determined by
New row position=(Starting row position+RP)   (mod 4),
where mod denotes the integer modulo operation.
FIG. 7I shows an example where RP=1. In FIG. 7I,
    • New row position of 7C-09-1=(0+1)(mod 4)=1, referenced by 7H-01-1;
    • New row position of 7C-09-2=(1+1)(mod 4)=2, referenced by 7H-01-2;
    • New row position of 7C-09-3=(2+1)(mod 4)=3, referenced by 7H-01-3; and
    • New row position of 7C-09-4=(3+1)(mod 4)=0, referenced by 7H-01-0.
A similar operation can be carried out for columns. This is denoted as “flipping” columns by flip parameter (FP) which is an integer greater than or equal to 1. Each column is moved rightwards FP times and “wrapped around” when it reaches the right edge.
FIG. 7H above shows the starting position for the keypad. FP is randomly selected from a range [1, 2]. The new column position is determined by:
New column position=(Starting column position+FP)   (mod 3)
FIG. 7J shows an example where FP=1.
    • New column position of 7C-14-1=(0+1)(mod 3)=1, referenced by 7H-11-1;
    • New column position of 7C-14-2=(1+1)(mod 3)=2, referenced by 7H-11-2; and
    • New column position of 7C-14-3=(2+1)(mod 3)=0, referenced by 7H-11-0;
Another possibility is randomly “mirroring” the button layout. A left to right mirror image of the starting position keypad in FIG. 7H is given in FIG. 7K. As can be seen in FIG. 7K, column 7C-14-1 changes position to column position 7H-11-2 and column position 7C-14-3 changes position to column position 7H-11-0. Then randomization subsystem 7A-08 makes a random selection from either the starting position or the horizontal mirrored position.
In some embodiments, a vertical mirroring is used as shown in FIG. 7L. In the vertical mirror image, the row positions of 7C-09-1 and 7C-09-4 in the starting position are interchanged, as are the row positions of 7C-09-2 and 7C-09-3. Then randomization subsystem 7A-08 makes a random selection from either the starting position or the vertical mirrored position.
It is possible to randomly select two or more display parameters in combination. FIG. 7M illustrates one example of a random selection of a combination of location of the keypad relative to a corner; and size of the keypad. In step 7M-01, keypad width 7B-14 is selected randomly by randomization subsystem 7A-08 from the range [Xkeymin, (touchscreen width 7B-07−2×x-direction gap 7B-12)]. Xkeymin represents a minimum width for the keypad.
In step 7M-02, randomization subsystem 7A-08 randomly selects keypad height 7B-09 from the range [Ykeymin, (touchscreen height 7B-05−2×y-direction gap 7B-08)]. Ykeymin represents a minimum height for the keypad.
In step 7M-03, randomization subsystem 7A-08 randomly selects x-coordinate 7B-13 from the range [0, (touchscreen width 7B-07keypad width 7B-14)].
In step 7M-04, randomization subsystem 7A-08 randomly selects y-coordinate 7B-11 from the range [0, (touchscreen height 7B-05keypad height 7B-09)].
In some embodiments, sequences of random selections of combinations of display parameters are implemented. For example, a sequence for a combination of randomization of location of keypad, size of keypad, size of buttons and positions of groups of buttons is shown in FIG. 7N. In step 7N-01, randomization subsystem 7A-08 randomly selects a size of the keypad 7B-03 as described above. In step 7N-02, randomization subsystem 7A-08 randomly selects a location of the keypad 7B-03 using the process described above. In step 7N-03, randomization subsystem 7A-08 randomly selects the size of the buttons of keypad 7B-03 as described above. In step 7N-04, randomization subsystem 7A-08 randomly selects positions of groups of buttons as described above.
In some embodiments, the COTS device combines the features of the devices shown in FIGS. 2A, 2C and 7A. For example, in some embodiments, the COTS device implements the functionalities of randomization subsystem 7A-08 from FIG. 7A, and application installation controller 2C-08 shown in FIG. 2C. This enables implementation of the secure process for application installation and updating, and the randomization of the display parameters of the PIN pad for the same COTS device as described above.
One example of this disclosure includes a system to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device, said system comprising a secure card reader communicatively coupled to the COTS device via either a connection or a network, wherein the secure card reader receives a payment card, a payment application installed on the COTS device, and one or more devices other than the COTS device, wherein the one or more devices are communicatively coupled to the COTS device via the network; wherein the payment application installed on the COTS device transmits one or more prompts to the one or more devices other than the COTS device based on a set of signals received from the secure card reader, wherein the secure card reader transmits the set of signals after the payment card is received at the secure card reader, and wherein said one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.
In one or more of the above examples, the at least one indication comprises at least one of a visual indication, an audio indication, and a motion indication.
In one or more of the above examples, the one or more devices other than the COTS device comprise the secure card reader.
In one or more of the above examples, the one or more devices other than the COTS device comprise a user device associated with the user.
In one or more of the above examples, the payment application transmits one or more prompts after a request is received from the secure card reader for the PIN.
In one or more of the above examples, the COTS device is coupled to an application store and a terminal management server (TMS) via a network, a vendor uploads the payment application to the application store, and said COTS device downloads said application via said network, and after said downloading by said terminal, said TMS authorizes said COTS device to install and run said downloaded application.
In one or more of the above examples, after said application is downloaded by said COTS device, said TMS authenticates said application.
In one or more of the above examples, prior to said upload, said vendor encrypts one or more portions of said application, and said the COTS device obtains a decryption key from said TMS to decrypt said encrypted one or more portions after said authentication and authorization.
In one or more of the above examples, said encryption is operative to either prevent exposure of said one or more portions of said application outside a trusted environment, or prevent the application from performing critical or sensitive operations in unauthorized platforms.
In one or more of the above examples, said payment application displays a PIN pad having one or more display parameters on a display of said COTS device, and said COTS device comprises a randomization subsystem to randomly select one or more variables related to at least one of one or more display parameters, wherein said one or more display parameters include a location of a keypad relative to an edge of a touchscreen, a size of said keypad, one or more sizes of one or more buttons within said keypad, and one or more positions of one or more groups of the one or more buttons within said keypad.
Another example of this disclosure includes a method to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device, said method comprising receiving a payment card on a secure card reader coupled to the COTS device, and transmitting, by a payment application running on the COTS device, one or more prompts to one or more devices other than the COTS device after said receiving, wherein said one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.
In one or more of the above examples, the one or more devices other than the COTS device comprise either the secure card reader or a user device associated with the user.
In one or more of the above examples, the method further comprises receiving, by the COTS device, a request from the secure card reader for the PIN, wherein the transmitting of the one or more prompts occurs after the receiving of the request from the secure card reader.
In one or more of the above examples, the COTS device is coupled to an application store and a terminal management server (TMS) via a network, and the method further comprises uploading, by a vendor, the payment application to the application store, and downloading, by said COTS device, said application via said network, wherein said TMS authorizes said COTS device to install and run said downloaded application.
In one or more of the above examples, after said downloading, said TMS authenticates said application.
In one or more of the above examples, prior to said uploading, said vendor encrypts one or more portions of said application, and said COTS device obtains a decryption key from said TMS to decrypt said encrypted one or more portions after said authentication and authorization.
In one or more of the above examples, the method further comprises classifying said downloaded application into one of a plurality of classes, each of said plurality of classes corresponding to an app class sandbox, wherein said classifying is performed based on level of authorization and type of application.
In one or more of the above examples, the method further comprises uploading, by the vendor, either a patch or an upgrade to said payment application to said application store, wherein the COTS device downloads said patch or said upgrade via said network, and wherein after said downloading, said TMS authorizes said COTS device to install and run said patch or said upgrade.
In one or more of the above examples, the method further comprises displaying a PIN pad having one or more display parameters on a display of said COTS device, and randomly selecting one or more variables related to at least one of one or more display parameters, wherein said one or more display parameters comprise a location of a keypad relative to an edge of a touchscreen, a size of said keypad, one or more sizes of one or more buttons within said keypad, and one or more positions of one or more groups of the one or more buttons within said keypad.
In one or more of the above examples, said random selecting comprises either rolling up rows or flipping columns.
It should be understood that the drawings and detailed description herein are to be regarded in an illustrative rather than a restrictive manner, and are not intended to be limiting to the particular forms and examples disclosed. On the contrary, included are any further modifications, changes, rearrangements, substitutions, alternatives, design choices, and embodiments apparent to those of ordinary skill in the art, without departing from the spirit and scope hereof, as defined by the following claims. Thus, it is intended that the following claims be interpreted to embrace all such further modifications, changes, rearrangements, substitutions, alternatives, design choices, and embodiments.

Claims (20)

What is claimed is:
1. A system to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device, said system comprising:
a secure card reader communicatively coupled to the COTS device via either a connection or a network; and
an application store, a terminal management server (TMS) and one or more devices other than the COTS device are communicatively coupled to the COTS device via the network,
wherein a vendor uploads a payment application to the application store for downloading by the COTS device via the network, and one or more portions of the payment application are encrypted,
wherein after downloading of the payment application by the COTS device, the TMS authenticates the downloaded payment application, and authorizes the COTS device to install and run the downloaded payment application,
wherein the TMS provides a decryption key to the COTS device via the network for decryption of the one or more portions of the payment application after the authentication and the authorization, and
wherein the payment application installed on the COTS device transmits one or more prompts to the one or more devices other than the COTS device via the network,
further wherein:
the transmission of the one or more prompts is based on a set of signals received from the secure card reader after a payment card is received at the secure card reader, and
the one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.
2. The system of claim 1, wherein the at least one indication comprises at least one of:
a visual indication;
an audio indication; and
a motion indication.
3. The system of claim 1, wherein the one or more devices other than the COTS device comprise either the secure card reader or a user device associated with the user.
4. The system of claim 1, wherein the payment application transmits the one or more prompts after a request is received from the secure card reader for the PIN.
5. The system of claim 1, wherein:
said payment application displays a PIN pad having one or more display parameters on the display of said COTS device; and
said COTS device comprises a randomization subsystem to randomly select one or more variables related to at least one of the one or more display parameters, wherein said one or more display parameters include:
a location of a keypad relative to an edge of a touchscreen,
a size of said keypad,
one or more sizes of one or more buttons within said keypad, and
one or more positions of one or more groups of the one or more buttons within said keypad.
6. A method to indicate to a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device, said method comprising:
uploading a payment application to an application store for downloading by a COTS device, wherein one or more portions of the payment application are encrypted;
providing a TMS to:
authenticate the payment application after downloading by the COTS device,
authorize the COTS device to install and run the downloaded application, and
send a decryption key to the COTS device to decrypt the encrypted one or more portions of the downloaded application after the authentication and authorization; and
transmitting, by the payment application running on the COTS device, one or more prompts to one or more devices other than the COTS device after a secure card reader receives a payment card,
wherein said one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device.
7. The method of claim 6, wherein the one or more devices other than the COTS device comprise either the secure card reader or a user device associated with the user.
8. The method of claim 6, wherein the transmitting of the one or more prompts occurs after a request for the PIN is received.
9. The method of claim 6, further comprising classifying said downloaded application into one of a plurality of classes, each of said plurality of classes corresponding to an application class sandbox.
10. The system of claim 1, wherein the COTS device classifies the downloaded application into one of a plurality of classes, each of the plurality of classes corresponding to an application class sandbox.
11. A method to provide a payment application to enable a user to enter a personal identification number (PIN) on a commercial off the shelf (COTS) device, said method comprising:
uploading the payment application to an application store for downloading by the COTS device;
providing a terminal management server (TMS) to authorize the COTS device to install and run the downloaded application;
enabling the payment application on the COTS device to transmit one or more prompts to one or more devices other than the COTS device after a payment card is received on a secure card reader,
wherein the one or more prompts comprise at least one indication to the user to enter the PIN on a display of the COTS device;
uploading either a patch or an upgrade to the payment application to the application store for downloading by the COTS device; and
enabling the TMS to authorize the COTS device to install and run the patch or the upgrade after downloading by the COTS device.
12. The method of claim 11, wherein the at least one indication comprises at least one of:
a visual indication;
an audio indication; and
a motion indication.
13. The method of claim 11, wherein the one or more devices other than the COTS device comprise either the secure card reader or a user device associated with the user.
14. The method of claim 11, wherein the transmitting of the one or more prompts occurs after a request for the PIN is received.
15. The method of claim 11, further comprising configuring the COTS device to classify the downloaded application into one of a plurality of classes, each of said plurality of classes corresponding to an application class sandbox.
16. The method of claim 15, further wherein the classifying is based on at least one of:
an attribute field related to the payment application,
a signing key related to the payment application, and
information provided by the TMS and related to an authentication of the payment application.
17. The method of claim 11, further comprising encrypting one or more portions of the payment application prior to the uploading to the application store.
18. The method of claim 17, further comprising enabling the TMS to:
authenticate the payment application after downloading by the COTS device; and
provide a decryption key to the COTS device to decrypt the encrypted one or more portions after the authentication and authorization.
19. The method of claim 11, further comprising enabling the TMS to authenticate the payment application after downloading by the COTS device.
20. The system of claim 1, wherein the TMS is communicatively coupled to the COTS device via an encrypted channel.
US16/540,666 2017-10-24 2019-08-14 System and method for indicating entry of personal identification number Active US11062299B2 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US16/540,666 US11062299B2 (en) 2017-10-24 2019-08-14 System and method for indicating entry of personal identification number
PCT/CN2019/102299 WO2020038467A1 (en) 2018-08-23 2019-08-23 System and method for indicating entry of personal identification number
CN201980069631.XA CN112889262A (en) 2018-08-23 2019-08-23 System and method for indicating input of personal identification number
US17/368,934 US11663584B2 (en) 2017-10-24 2021-07-07 System and method for indicating entry of personal identification number
US18/197,620 US12039519B2 (en) 2017-10-24 2023-05-15 System and method for indicating entry of personal identification number
US18/735,539 US20240330897A1 (en) 2017-10-24 2024-06-06 System and method for indicating entry of personal identification number

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US201762576401P 2017-10-24 2017-10-24
US201862668866P 2018-05-09 2018-05-09
US201862721795P 2018-08-23 2018-08-23
US16/166,353 US10936189B2 (en) 2017-10-24 2018-10-22 System and method for a keypad on a touch screen device
PCT/CN2019/086235 WO2019214687A1 (en) 2018-05-09 2019-05-09 Terminal hardware configuration system
US16/540,666 US11062299B2 (en) 2017-10-24 2019-08-14 System and method for indicating entry of personal identification number

Related Parent Applications (2)

Application Number Title Priority Date Filing Date
US16/166,353 Continuation-In-Part US10936189B2 (en) 2017-10-24 2018-10-22 System and method for a keypad on a touch screen device
PCT/CN2019/086235 Continuation-In-Part WO2019214687A1 (en) 2017-10-24 2019-05-09 Terminal hardware configuration system

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/368,934 Continuation US11663584B2 (en) 2017-10-24 2021-07-07 System and method for indicating entry of personal identification number

Publications (2)

Publication Number Publication Date
US20190370785A1 US20190370785A1 (en) 2019-12-05
US11062299B2 true US11062299B2 (en) 2021-07-13

Family

ID=68695470

Family Applications (4)

Application Number Title Priority Date Filing Date
US16/540,666 Active US11062299B2 (en) 2017-10-24 2019-08-14 System and method for indicating entry of personal identification number
US17/368,934 Active US11663584B2 (en) 2017-10-24 2021-07-07 System and method for indicating entry of personal identification number
US18/197,620 Active US12039519B2 (en) 2017-10-24 2023-05-15 System and method for indicating entry of personal identification number
US18/735,539 Pending US20240330897A1 (en) 2017-10-24 2024-06-06 System and method for indicating entry of personal identification number

Family Applications After (3)

Application Number Title Priority Date Filing Date
US17/368,934 Active US11663584B2 (en) 2017-10-24 2021-07-07 System and method for indicating entry of personal identification number
US18/197,620 Active US12039519B2 (en) 2017-10-24 2023-05-15 System and method for indicating entry of personal identification number
US18/735,539 Pending US20240330897A1 (en) 2017-10-24 2024-06-06 System and method for indicating entry of personal identification number

Country Status (1)

Country Link
US (4) US11062299B2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11917067B2 (en) * 2019-12-28 2024-02-27 Intel Corporation Apparatuses, methods, and systems for instructions for usage restrictions cryptographically tied with data

Citations (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030182558A1 (en) 2002-02-05 2003-09-25 Lazzaro John R. Dynamic PIN pad for credit/debit/ other electronic transactions
US20060053301A1 (en) 2002-12-23 2006-03-09 Hwa-Shik Shin Device and method for inputting password using random keypad
US20060224523A1 (en) 2005-03-31 2006-10-05 Elvitigala Rajith T Dynamic keypad
US20070174615A1 (en) 2005-04-11 2007-07-26 Lastmile Communications Limited Method and device for communication using random codes
CN201035502Y (en) 2006-12-28 2008-03-12 上海麦柯信息技术有限公司 Safety accidental dynamic soft keyboard
JP4616013B2 (en) 2005-01-12 2011-01-19 富士通フロンテック株式会社 Payment-enabled application that ensures security
US20120047564A1 (en) 2009-05-15 2012-02-23 Setcom (Pty) Ltd. Security system and method
US20120104090A1 (en) 2010-10-29 2012-05-03 International Business Machines Corporation Card-reader apparatus
US20120268393A1 (en) 2011-04-25 2012-10-25 SoftLayer Technologies,Inc. System and Method for Secure Data Entry
US20120280923A1 (en) 2011-04-08 2012-11-08 Paul Vincent System for protecting pin data when using touch capacitive touch technology on a point-of-sale terminal or an encrypting pin pad device
US8392846B2 (en) 2010-01-28 2013-03-05 Gilbarco, S.R.L. Virtual pin pad for fuel payment systems
US8397988B1 (en) 2002-08-09 2013-03-19 Britesmart Llc Method and system for securing a transaction using a card generator, a RFID generator, and a challenge response protocol
US20130086389A1 (en) 2011-09-30 2013-04-04 Nx B.V. Security Token and Authentication System
US20130127725A1 (en) 2011-11-18 2013-05-23 Konica Minolta Business Technologies, Inc. Operation input system and operation input method
CN103425944A (en) 2013-07-16 2013-12-04 深圳市文鼎创数据科技有限公司 Information safety input method and information safety device
US20130333011A1 (en) 2012-06-12 2013-12-12 Square, Inc. Software pin entry
US20140108793A1 (en) * 2012-10-16 2014-04-17 Citrix Systems, Inc. Controlling mobile device access to secure data
US20140248853A1 (en) * 2013-03-04 2014-09-04 Wind River Systems, Inc. System And Method for Smart Card Based Hardware Root of Trust on Mobile Platforms Using Near Field Communications
US20140283092A1 (en) 2013-03-15 2014-09-18 Microsoft Corporation Controlled Application Distribution
US20140324708A1 (en) 2012-06-12 2014-10-30 Square, Inc. Raw sensor input encryption for passcode entry security
US20150006407A1 (en) * 2012-01-13 2015-01-01 Ebay Inc. Systems, methods, and computer program products providing payment in cooperation with emv card readers
US20150046338A1 (en) * 2013-08-08 2015-02-12 Prasanna Laxminarayanan Multi-network tokenization processing
US20150046323A1 (en) * 2013-08-12 2015-02-12 Mastercard International Incorporated Method and system for local evaluation of computer
US20150137944A1 (en) * 2013-11-21 2015-05-21 Red Hat, Inc. Preventing the discovery of access codes
US20150324800A1 (en) 2012-09-21 2015-11-12 Mts Holdings, Inc. System and Method of Processing PIN-Based Payment Transactions via Mobile Devices
US9214051B1 (en) 2011-01-04 2015-12-15 Bank Of America Coporation Dynamic touch screen for automated teller machines (“ATMs”)
US20160078434A1 (en) * 2013-05-15 2016-03-17 Visa International Service Association Methods and systems for provisioning payment credentials
WO2016188231A1 (en) 2015-10-19 2016-12-01 中兴通讯股份有限公司 Verification method and apparatus
CN106304040A (en) 2015-05-25 2017-01-04 阿里巴巴集团控股有限公司 The management method of Mobile solution, device
CN106462428A (en) 2014-04-30 2017-02-22 施耐德电器工业公司 Systems and methods for delivering and accessing software components
US20170116424A1 (en) * 2015-10-23 2017-04-27 Oracle International Corporation Establishing trust between containers
CN106709382A (en) 2015-07-21 2017-05-24 阿里巴巴集团控股有限公司 Keyboard display method and device
CN106980801A (en) 2017-03-03 2017-07-25 杭州智贝信息科技有限公司 A kind of intelligent terminal with safe input system
CN106991306A (en) 2017-03-17 2017-07-28 维沃移动通信有限公司 A kind of method and mobile terminal for inputting password
US20170235962A1 (en) 2015-09-21 2017-08-17 Jonathan A Clark Secure Electronic Keypad Entry
US20180365382A1 (en) * 2017-06-20 2018-12-20 International Business Machines Corporation Power-efficient health affliction classification
US20190362334A1 (en) * 2016-11-21 2019-11-28 Huawei Technologies Co., Ltd. Transaction Method, Payment Device, Check Device, and Server

Family Cites Families (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5213422A (en) 1990-04-13 1993-05-25 Moishe Garfinkle Bicameral pictographic-language keyboard
US5128672A (en) 1990-10-30 1992-07-07 Apple Computer, Inc. Dynamic predictive keyboard
US5574482A (en) 1994-05-17 1996-11-12 Niemeier; Charles J. Method for data input on a touch-sensitive screen
US5847697A (en) 1995-01-31 1998-12-08 Fujitsu Limited Single-handed keyboard having keys with multiple characters and character ambiguity resolution logic
US5708709A (en) 1995-12-08 1998-01-13 Sun Microsystems, Inc. System and method for managing try-and-buy usage of application programs
JP2000010689A (en) 1998-06-22 2000-01-14 Sharp Corp Free key layout setting device
US20120323788A1 (en) 2002-02-05 2012-12-20 Cardinalcommerce Corporation Dynamic pin pad for credit/debit/other electronic transactions
FI20021162A0 (en) 2002-06-14 2002-06-14 Nokia Corp Electronic device and a method for administering its keypad
GB0318198D0 (en) * 2003-08-02 2003-09-03 Koninkl Philips Electronics Nv Copy-protected application for digital broadcasting system
US7512800B2 (en) * 2004-02-03 2009-03-31 Hewlett-Packard Development Company, L.P. Key management technique for establishing a secure channel
US20050193208A1 (en) 2004-02-26 2005-09-01 Charrette Edmond E.Iii User authentication
US7255503B2 (en) 2004-05-17 2007-08-14 Charlene H. Grafton Dual numerical keyboard based on dominance
KR100716975B1 (en) 2004-07-10 2007-05-10 삼성전자주식회사 User certification apparatus and user certification method
US20060039566A1 (en) 2004-08-19 2006-02-23 Xerox Corporation System for installing software with encrypted client-server communication
JP4578366B2 (en) 2004-09-20 2010-11-10 株式会社ソニー・コンピュータエンタテインメント Method and apparatus for distributing software applications
US20060132447A1 (en) 2004-12-16 2006-06-22 Conrad Richard H Method and apparatus for automatically transforming functions of computer keyboard keys and pointing devices by detection of hand location
JPWO2007007682A1 (en) 2005-07-08 2009-01-29 三菱電機株式会社 Touch panel display device and portable device
US8059100B2 (en) 2005-11-17 2011-11-15 Lg Electronics Inc. Method for allocating/arranging keys on touch-screen, and mobile terminal for use of the same
US8769275B2 (en) * 2006-10-17 2014-07-01 Verifone, Inc. Batch settlement transactions system and method
US9123042B2 (en) * 2006-10-17 2015-09-01 Verifone, Inc. Pin block replacement
US20080114685A1 (en) 2006-11-15 2008-05-15 Keen Hun Leong System and method for preventing unauthorized installation of a software program
US20080148186A1 (en) 2006-12-18 2008-06-19 Krishnamurthy Sandeep Raman Secure data entry device and method
JP5073308B2 (en) * 2007-02-08 2012-11-14 株式会社エヌ・ティ・ティ・ドコモ Content transaction management server device, content providing server device, terminal device and program thereof
US20080224897A1 (en) 2007-03-14 2008-09-18 Silva David P Computer keypad for improved input efficiency
KR100913962B1 (en) 2007-05-14 2009-08-26 삼성전자주식회사 Method and apparatus of inputting character in Mobile communication terminal
US20090079702A1 (en) 2007-09-25 2009-03-26 Nokia Corporation Method, Apparatus and Computer Program Product for Providing an Adaptive Keypad on Touch Display Devices
US8312373B2 (en) 2007-10-18 2012-11-13 Nokia Corporation Apparatus, method, and computer program product for affecting an arrangement of selectable items
US20100064212A1 (en) 2008-09-11 2010-03-11 Sony Ericsson Mobile Communications Ab Electronic Device Having a User Input Interface Opposite a Display
US20110006996A1 (en) 2009-07-08 2011-01-13 Smith Nathan J Private data entry
US8627224B2 (en) 2009-10-27 2014-01-07 Qualcomm Incorporated Touch screen keypad layout
US20110102328A1 (en) 2009-11-04 2011-05-05 Tonny Chen Hyper folding portable electronic device
US8982160B2 (en) 2010-04-16 2015-03-17 Qualcomm, Incorporated Apparatus and methods for dynamically correlating virtual keyboard dimensions to user finger size
US8390573B2 (en) 2010-04-26 2013-03-05 Chris Trout Data processing device
US8843844B2 (en) 2011-03-17 2014-09-23 Intellitact Llc Input device enhanced interface
TWI453628B (en) 2012-01-12 2014-09-21 Amtran Technology Co Ltd Method for adaptively adjusting size of virtual keys and display device usnig the same
US9778841B2 (en) 2012-02-10 2017-10-03 Hand Held Products, Inc. Apparatus having random ordered keypad
US9035883B2 (en) 2012-03-07 2015-05-19 Google Technology Holdings LLC Systems and methods for modifying virtual keyboards on a user interface
WO2014023118A1 (en) 2012-08-09 2014-02-13 Li Yonggui Keyboard and mouse of cellular phone
US9268364B2 (en) 2012-08-31 2016-02-23 Trewgrip, Llc Ergonomic data entry device
JP5708600B2 (en) 2012-09-18 2015-04-30 コニカミノルタ株式会社 Image forming apparatus and program
US20140098141A1 (en) 2012-10-10 2014-04-10 At&T Intellectual Property I, L.P. Method and Apparatus for Securing Input of Information via Software Keyboards
FR3003373B1 (en) 2013-03-14 2015-04-03 Compagnie Ind Et Financiere Dingenierie Ingenico METHOD AND DEVICE FOR VISUALIZATION SECURED ON A SCREEN OF AN ELECTRONIC TERMINAL, TERMINAL CORRESPONDING
CN104423855B (en) 2013-08-26 2019-01-15 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN103576879B (en) 2013-09-29 2016-03-30 罗蒙明 A kind of method realizing both hands thumb manipulation widescreen dummy keyboard button
CN104683409B (en) 2013-11-29 2019-03-01 华为终端(东莞)有限公司 The method and terminal of terminal room Application share
WO2015099644A1 (en) 2013-12-23 2015-07-02 Intel Corporation Methods and apparatus to facilitate secure screen input
CN103761472B (en) 2014-02-21 2017-05-24 北京奇虎科技有限公司 Application program accessing method and device based on intelligent terminal
US20150310199A1 (en) 2014-04-24 2015-10-29 Echostar Technologies L.L.C. Secure data entry
CN105447378B (en) 2014-08-27 2018-07-13 阿里巴巴集团控股有限公司 A kind of method for generating cipher code and device
FR3026207B1 (en) 2014-09-22 2018-08-17 Prove & Run SECURE DISPLAY TERMINAL
JP6179493B2 (en) 2014-09-25 2017-08-16 コニカミノルタ株式会社 Image forming apparatus and program
US9697383B2 (en) 2015-04-14 2017-07-04 International Business Machines Corporation Numeric keypad encryption for augmented reality devices
US9754126B2 (en) 2015-10-13 2017-09-05 Verizon Patent And Licensing Inc. Virtual input mechanism for secure data acquisition
US10839077B2 (en) 2015-12-24 2020-11-17 British Telecommunications Public Limited Company Detecting malicious software
US10043021B2 (en) 2016-04-07 2018-08-07 Blackberry Limited Controlling access to application data
US11233649B2 (en) 2016-12-22 2022-01-25 Huawei Technologies Co., Ltd. Application program authorization method, terminal, and server
US10146927B2 (en) 2017-04-03 2018-12-04 Fujitsu Limited Dynamic keypad for access code input
CN111512608B (en) 2017-09-27 2021-09-07 华为技术有限公司 Trusted execution environment based authentication protocol
US11694178B2 (en) * 2021-02-23 2023-07-04 Block, Inc. Embedded card reader security

Patent Citations (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030182558A1 (en) 2002-02-05 2003-09-25 Lazzaro John R. Dynamic PIN pad for credit/debit/ other electronic transactions
US8397988B1 (en) 2002-08-09 2013-03-19 Britesmart Llc Method and system for securing a transaction using a card generator, a RFID generator, and a challenge response protocol
US20060053301A1 (en) 2002-12-23 2006-03-09 Hwa-Shik Shin Device and method for inputting password using random keypad
JP4616013B2 (en) 2005-01-12 2011-01-19 富士通フロンテック株式会社 Payment-enabled application that ensures security
US20060224523A1 (en) 2005-03-31 2006-10-05 Elvitigala Rajith T Dynamic keypad
US20070174615A1 (en) 2005-04-11 2007-07-26 Lastmile Communications Limited Method and device for communication using random codes
CN201035502Y (en) 2006-12-28 2008-03-12 上海麦柯信息技术有限公司 Safety accidental dynamic soft keyboard
US20120047564A1 (en) 2009-05-15 2012-02-23 Setcom (Pty) Ltd. Security system and method
CN102422302A (en) 2009-05-15 2012-04-18 赛特康姆有限公司 Security system and method
US8392846B2 (en) 2010-01-28 2013-03-05 Gilbarco, S.R.L. Virtual pin pad for fuel payment systems
US20120104090A1 (en) 2010-10-29 2012-05-03 International Business Machines Corporation Card-reader apparatus
US9214051B1 (en) 2011-01-04 2015-12-15 Bank Of America Coporation Dynamic touch screen for automated teller machines (“ATMs”)
US20120280923A1 (en) 2011-04-08 2012-11-08 Paul Vincent System for protecting pin data when using touch capacitive touch technology on a point-of-sale terminal or an encrypting pin pad device
US20120268393A1 (en) 2011-04-25 2012-10-25 SoftLayer Technologies,Inc. System and Method for Secure Data Entry
US20130086389A1 (en) 2011-09-30 2013-04-04 Nx B.V. Security Token and Authentication System
US20130127725A1 (en) 2011-11-18 2013-05-23 Konica Minolta Business Technologies, Inc. Operation input system and operation input method
US20150006407A1 (en) * 2012-01-13 2015-01-01 Ebay Inc. Systems, methods, and computer program products providing payment in cooperation with emv card readers
US20130333011A1 (en) 2012-06-12 2013-12-12 Square, Inc. Software pin entry
US20140324708A1 (en) 2012-06-12 2014-10-30 Square, Inc. Raw sensor input encryption for passcode entry security
US20150324800A1 (en) 2012-09-21 2015-11-12 Mts Holdings, Inc. System and Method of Processing PIN-Based Payment Transactions via Mobile Devices
US20140108793A1 (en) * 2012-10-16 2014-04-17 Citrix Systems, Inc. Controlling mobile device access to secure data
US20140248853A1 (en) * 2013-03-04 2014-09-04 Wind River Systems, Inc. System And Method for Smart Card Based Hardware Root of Trust on Mobile Platforms Using Near Field Communications
US20140283092A1 (en) 2013-03-15 2014-09-18 Microsoft Corporation Controlled Application Distribution
US20160078434A1 (en) * 2013-05-15 2016-03-17 Visa International Service Association Methods and systems for provisioning payment credentials
CN103425944A (en) 2013-07-16 2013-12-04 深圳市文鼎创数据科技有限公司 Information safety input method and information safety device
US20150046338A1 (en) * 2013-08-08 2015-02-12 Prasanna Laxminarayanan Multi-network tokenization processing
US20150046323A1 (en) * 2013-08-12 2015-02-12 Mastercard International Incorporated Method and system for local evaluation of computer
US20150137944A1 (en) * 2013-11-21 2015-05-21 Red Hat, Inc. Preventing the discovery of access codes
CN106462428A (en) 2014-04-30 2017-02-22 施耐德电器工业公司 Systems and methods for delivering and accessing software components
CN106304040A (en) 2015-05-25 2017-01-04 阿里巴巴集团控股有限公司 The management method of Mobile solution, device
CN106709382A (en) 2015-07-21 2017-05-24 阿里巴巴集团控股有限公司 Keyboard display method and device
US20170235962A1 (en) 2015-09-21 2017-08-17 Jonathan A Clark Secure Electronic Keypad Entry
WO2016188231A1 (en) 2015-10-19 2016-12-01 中兴通讯股份有限公司 Verification method and apparatus
US20170116424A1 (en) * 2015-10-23 2017-04-27 Oracle International Corporation Establishing trust between containers
US20190362334A1 (en) * 2016-11-21 2019-11-28 Huawei Technologies Co., Ltd. Transaction Method, Payment Device, Check Device, and Server
CN106980801A (en) 2017-03-03 2017-07-25 杭州智贝信息科技有限公司 A kind of intelligent terminal with safe input system
CN106991306A (en) 2017-03-17 2017-07-28 维沃移动通信有限公司 A kind of method and mobile terminal for inputting password
US20180365382A1 (en) * 2017-06-20 2018-12-20 International Business Machines Corporation Power-efficient health affliction classification

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Patent Cooperation Treaty: CN International Searching Authority; International Search Report and Written Opinion for PCT/CN2018/111603 ; Liu, Ke; dated Jan. 30, 2019; 10 pages.
Patent Cooperation Treaty: CN International Searching Authority; International Search Report and Written Opinion for PCT/CN2019/086235 ; Jiang, Li; dated Jul. 26, 2019; 9 pages.
Patent Cooperation Treaty: International Search Report and Written Opinion of PCT/CN2019/102299 (related application), dated Nov. 25, 2019, 9 pages.
PCI Security Standards Council, Payment Card Industry (PCI) Software-Based PIN Entry on COTS Security Requirements Version 1.0, https://www.pcisecuritystandards.org, Jan. 31, 2018 (Jan. 31, 2018).

Also Published As

Publication number Publication date
US20210334784A1 (en) 2021-10-28
US20240330897A1 (en) 2024-10-03
US12039519B2 (en) 2024-07-16
US20230281600A1 (en) 2023-09-07
US20190370785A1 (en) 2019-12-05
US11663584B2 (en) 2023-05-30

Similar Documents

Publication Publication Date Title
US11995630B2 (en) Method and apparatus for providing secure services using a mobile device
US20200167775A1 (en) Virtual pos terminal method and apparatus
US9251513B2 (en) Stand-alone secure PIN entry device for enabling EMV card transactions with separate card reader
JP6313520B2 (en) Establishing a secure session between the card reader and mobile device
US20240330897A1 (en) System and method for indicating entry of personal identification number
CN103544599A (en) Embedded secure element for authentication, storage and transaction within a mobile terminal
US10447687B2 (en) Communication terminal, communication method, and communication system
US20240028672A1 (en) Terminal hardware configuration system
WO2020038467A1 (en) System and method for indicating entry of personal identification number
US20240338698A1 (en) System and method for personal identification number entry in a commercial off the shelf communication device
CN113383527B (en) Method for authenticating terminal user on trusted device
KR20160127460A (en) Payment apparatus using a card and payment method using the same

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

AS Assignment

Owner name: BBPOS LIMITED, HONG KONG

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:LO, CHI WAH;TSAI, HWAI SIAN;SIGNING DATES FROM 20190821 TO 20190822;REEL/FRAME:051523/0811

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: AWAITING TC RESP., ISSUE FEE NOT PAID

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE

CC Certificate of correction
AS Assignment

Owner name: STRIPE, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BBPOS LIMITED;REEL/FRAME:061790/0031

Effective date: 20221026

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY